current-users: Re: ascii dump for tcpdump (was Re: truss-like command for netbsd)

Subject: Re: ascii dump for tcpdump (was Re: truss-like command for netbsd)
To: Jason Thorpe <thorpej@nas.nasa.gov>
From: David Greenman <dg@root.com>
List: current-users
Date: 10/12/1998 12:19:11

>On 12 Oct 1998 11:12:45 -0700 
> Wolfgang Rupprecht <wolfgang@wsrcc.com> wrote:
>
> > One other point to consider is that its been a *long* time since
> > tcpdump first came out.  Back in the early days of tcpdump it wasn't
> > common for folks to use encrypted logins.  If someone snooped the
> > ethernet you were basically hosed.  There were no choices.  Nowadays
> > there are kerberos and ssh.
>
>More importantly, I think LBL's excuse is rather lame, considering
>that:
>
>	(a) tcpdump is available in source form, and anyone can add
>	    ASCII dumps to it fairly easily.
>
>	(b) anyone with perms to run tcpdump can trivially write their
>	    own BPF-using program to dump packets in ASCII format.
>
>Bascically, if you don't want people to sniff your wire, make it so
>they can't open /dev/bpf*.  Since our tcpdump isn't setuid, what's
>the problem?

   ...and of course you can do this as well:

tcpdump -s 1500 -l -w - | strings

   Not quite the same, but useful.

-DG

David Greenman
Co-founder/Principal Architect, The FreeBSD Project