Subject: Re: ascii dump for tcpdump (was Re: truss-like command for netbsd)
To: None <>
From: Michael C. Richardson <>
List: current-users
Date: 10/13/1998 09:08:44
>>>>> "Robert" == Robert Elz <kre@munnari.OZ.AU> writes:
    Robert> On the subject, I'm not sure that ascii conversion of tcpdump
    Robert> output is worth the code it would consume - even the hex output
    Robert> is really useful only when you're faced with protocols that
    Robert> tcpdump doesn't understand, and you want to figure out what's

  I disagree. The hex output is almost always useless because you are looking
for a packet whose contents you may understand in ascii, but don't recognize
in hex. With the ascii output, I can save to a file, and then grep the file.

  I also have patches for AH/ESP headers (no, it doesn't decrypt, but I do
have patches that I never finished to do that as well, and they take a good
guess on whether NULL encryption might have been at work).

    Robert> Once you get past the protocol headers and into the data, you're
    Robert> generally going to be much better off with something designed for
    Robert> debugging the particular protocol of concern, than just looking
    Robert> at ascii flying past.

  This is why contributing more print-*.c to tcpdump is useful.

   :!mcr!:            |  Network and security consulting/contract programming
   Michael Richardson |         Firewalls, TCP/IP and Unix administration
	ON HUMILITY: To err is human, to moo bovine.