Date: Wed, 08 Oct 2003 21:35:41 -0700
From: Michael Sierchio <kudzu@tenebras.com>
To: stable@freebsd.org
Subject: Re: tcpslice out of date
Message-ID: <3F84E59D.60402@tenebras.com>
In-Reply-To: <20031009025421.8407143FAF@mx1.FreeBSD.org>
References: <20031009025421.8407143FAF@mx1.FreeBSD.org>

Damian Gerow wrote:

> I was working with tcpdump and tcpslice earlier today, and had a bit of a
> struggle when I found out that it's not Y2K compliant - it doesn't
> understand any year beyond 1999. After stating this on a mailing list, it
> was pointed out that the current source is indeed compliant, but the
> FreeBSD source is a little out-dated.
>
> Any chance we could get an updated tcpslice (and possibly tcpdump, I
> haven't checked to see if it's out of date or not) imported after 4.9?

I'd like to see this, too. These are indispensable tools; no NIDS will take the place of actual packet forensics.

One thing that seemed possible (unless I was hallucinating) with newer versions of tcpdump is taking a full packet dump and shortening packets before rewriting. So, full logs for a week, abbreviated logs for a month, headers only for a year, etc. can be kept online, as in 'tcpdump -r infile -s newsnaplen -w outfile'
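
The shortening step the message describes, done directly on the classic pcap file format, as an added example that is not part of the original message or of tcpdump. The function names and the two-packet sample capture are constructed for illustration; each record keeps its original wire length, so an analyst can still see how much of a packet was dropped.

```python
import struct

MAGICS = {b"\xd4\xc3\xb2\xa1": "<", b"\x4d\x3c\xb2\xa1": "<",  # little-endian usec / nsec
          b"\xa1\xb2\xc3\xd4": ">", b"\xa1\xb2\x3c\x4d": ">"}  # big-endian usec / nsec

def parse_pcap(data):
    """Return (endianness, global header fields, records) of a classic pcap file."""
    endian = MAGICS.get(data[:4])
    if endian is None or len(data) < 24:
        raise ValueError("not a classic pcap file")
    # version major/minor, thiszone, sigfigs, snaplen, link type
    header = struct.unpack(endian + "HHiIII", data[4:24])
    records, off = [], 24
    while off < len(data):
        if off + 16 > len(data):
            raise ValueError("truncated record header")
        sec, frac, caplen, origlen = struct.unpack(endian + "IIII", data[off:off + 16])
        body = data[off + 16:off + 16 + caplen]
        if len(body) != caplen:
            raise ValueError("truncated packet data")
        records.append((sec, frac, origlen, body))
        off += 16 + caplen
    return endian, header, records

def truncate_pcap(data, new_snaplen):
    """Rewrite a capture so that no record holds more than new_snaplen bytes."""
    if new_snaplen <= 0:
        raise ValueError("snaplen must be positive")
    endian, (vmaj, vmin, zone, sigfigs, snaplen, link), records = parse_pcap(data)
    out = bytearray(data[:4])
    out += struct.pack(endian + "HHiIII", vmaj, vmin, zone, sigfigs,
                       min(snaplen, new_snaplen), link)
    for sec, frac, origlen, body in records:
        kept = body[:new_snaplen]
        # Captured length shrinks; the original wire length is preserved.
        out += struct.pack(endian + "IIII", sec, frac, len(kept), origlen) + kept
    return bytes(out)

def build_sample():
    """Constructed capture: two Ethernet-linktype records of 100 and 40 bytes."""
    out = b"\xd4\xc3\xb2\xa1" + struct.pack("<HHiIII", 2, 4, 0, 0, 65535, 1)
    for i, size in enumerate((100, 40)):
        out += struct.pack("<IIII", 1065674141 + i, 0, size, size) + bytes([i]) * size
    return out

if __name__ == "__main__":
    short = truncate_pcap(build_sample(), 64)
    print([(len(body), origlen) for _, _, origlen, body in parse_pcap(short)[2]])
```

Running the same function with progressively smaller snapshot lengths over ageing capture files gives the week/month/year tiers mentioned in the message.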