Date: Tue, 5 Aug 2003 17:35:11 -0700 (PDT) From: John Polstra <jdp@polstra.com> To: net@freebsd.org Cc: edwin@freebsd.org Subject: Re: bpf, ipfw and before-and-after Message-ID: <200308060035.h760ZBwU007379@strings.polstra.com> In-Reply-To: <20030806001459.GB558@k7.mavetju> References: <20030805133922.GA7713@k7.mavetju> <200308051817.h75IH7jb006622@strings.polstra.com> <20030806001459.GB558@k7.mavetju>
next in thread | previous in thread | raw e-mail | index | archive | help
In article <20030806001459.GB558@k7.mavetju>, Edwin Groothuis <edwin@freebsd.org> wrote: > On Tue, Aug 05, 2003 at 11:17:07AM -0700, John Polstra wrote: > > Tcpdump has always shown traffic _at_ the network interface. That's > > why it has the "-i" option. I would not like to see that behavior > > changed. > > I totally agree with the idea that it is _at_ the network interface, > but if you think about what people are actually using it for you > realise that most of the output you're interested in is at the IP > or the TCP layer. Different people use tcpdump for different things. I myself typically use it when I'm debugging ethernet drivers. When I use it to look at the IP or TCP layer, I generally specify a filter on the command line so that I only see what I'm interested in. Given that tcpdump has been around for so long, and that it can be used for so many different purposes, and that it allows the specification of a packet filter on its command line, it doesn't make sense to move its packet hooks to somewhere else by default. > If you want it to be enabled via a kernel option, fine with me. Great. That's all I'm asking for. John -- John Polstra John D. Polstra & Co., Inc. Seattle, Washington USA "Two buttocks cannot avoid friction." -- Malawi saying
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200308060035.h760ZBwU007379>