Subject: Re: ascii dump for tcpdump (was Re: truss-like command for netbsd)
To: None <email@example.com>
From: Michael C. Richardson <firstname.lastname@example.org>
Date: 10/13/1998 09:08:44
>>>>> "Robert" == Robert Elz <kre@munnari.OZ.AU> writes:
Robert> On the subject, I'm not sure that ascii conversion of tcpdump
Robert> output is worth the code it would consume - even the hex output
Robert> is really useful only when you're faced with protocols that
Robert> tcpdump doesn't understand, and you want to figure out what's
I disagree. The hex output is almost always useless because you are looking
for a packet whose contents you may understand in ascii, but don't recognize
in hex. With the ascii output, I can save to a file, and then grep the file.
I also have patches for AH/ESP headers (no, it doesn't decrypt, but I do
have patches that I never finished to do that as well, and they take a good
guess on whether NULL encryption might have been at work).
Robert> Once you get past the protocol headers and into the data, you're
Robert> generally going to be much better off with something designed for
Robert> debugging the particular protocol of concern, than just looking
Robert> at ascii flying past.
This is why contributing more print-*.c to tcpdump is useful.
:!mcr!: | Network and security consulting/contract programming
Michael Richardson | Firewalls, TCP/IP and Unix administration
ON HUMILITY: To err is human, to moo bovine.