by redmail.netbsd.org with SMTP; 1 Oct 1999 00:03:55 -0000
Message-Id: <199910010000.KAA18974@zen.quick.com.au>
 via SMTP by localhost, id smtpd18963a; Thu Sep 30 17:00:19 1999
To: der Mouse <mouse@Rodents.Montreal.QC.CA>
cc: tech-security@netbsd.org, sjg@quick.com.au
Subject: Re: ascii dump for tcpdump 
In-reply-to: Your message of "Thu, 30 Sep 99 18:04:27 -0400."
             <199909302204.SAA01345@Twig.Rodents.Montreal.QC.CA> 
Date: Fri, 01 Oct 1999 10:00:19 +1000
From: "Simon J. Gerraty" <sjg@quick.com.au>

[taking this to tech-security]

> While we're hacking on tcpdump, does anyone know why it's so schizoid
> about printing the link-level header?  It's a major pain to use tcpdump

Yes.  My original tcpdump patches had some goop to control how much of
the packet is dumped.  I didn't inlcude it though as I intend to see
if I can't do it better.  Essentially a separate option that will 
indicate that you want to dump, the entire packet or just the "data"
portion, and possibly something in between.  Of course the definition
of "data" portion will vary with protocol and is probably best handled
by updating a global "dump" ptr which the various print routines can
update as they consume the packet.

--sjg