Date:      Sat, 12 Sep 2009 08:37:02 +1000
From:      Edwin Groothuis <edwin@mavetju.org>
To:        sthaug@nethelp.no
Cc:        freebsd-net@freebsd.org, peterjeremy@acm.org
Subject:   Re: New tcpdump in 8.x
Message-ID:  <20090911223702.GA4562@mavetju.org>
In-Reply-To: <20090912.001205.74713342.sthaug@nethelp.no>
References:  <20090911215006.GA31432@server.vk2pj.dyndns.org> <20090912.001205.74713342.sthaug@nethelp.no>

On Sat, Sep 12, 2009 at 12:12:05AM +0200, sthaug@nethelp.no wrote:
> > Who has used tcpdump on FreeBSD 8.x and likes it?  Is it just me or is
> > it now far harder to investigate network problems using it?
> > 
> > Prior to 8.x, the default output includes SEQ number ranges for any
> > TCP packets with data, so a 'tcpdump -n' looks like the following and
> > it's immediately obvious that there's 2920 bytes of data missing:
> ...
> > The same output on 8.x looks like the following.  Whilst the last ACK
> > packet looks anomalous, there's no useful information to analyse further.
> 
> I agree that this change is rather unhelpful. However, this is the
> default for tcpdump 4.0.0. Thus the choice is between the old tcpdump,
> the new one (with bugfixes and more protocol decoding), or possibly
> the new one plus local patches. Not an easy choice, is it?

While I agree with the original poster that you are missing some
data, I also agree that talking to the "vendors" of tcpdump is a
better way.

Peter, if you are keen on it, submit a port (net/tcpdump39) which
gives you the old functionality and alert me about it.

Edwin, who at least now knows why tcpdump on 8.0B3 did look so strange.

-- 
Edwin Groothuis		Website: http://www.mavetju.org/
edwin@mavetju.org	Weblog:  http://www.mavetju.org/weblog/


