From: Michael Sierchio <kudzu@tenebras.com>
Date: Wed, 08 Oct 2003 21:35:41 -0700
To: stable@freebsd.org
Subject: Re: tcpslice out of date
Message-ID: <3F84E59D.60402@tenebras.com>
In-Reply-To: <20031009025421.8407143FAF@mx1.FreeBSD.org>
List: freebsd-stable@freebsd.org (Production branch of FreeBSD source code)

Damian Gerow wrote:
> I was working with tcpdump and tcpslice earlier today, and had a bit of a
> struggle when I found out that it's not Y2K compliant - it doesn't
> understand any year beyond 1999. After stating this on a mailing list, it
> was pointed out that the current source is indeed compliant, but the
> FreeBSD source is a little outdated.
>
> Any chance we could get an updated tcpslice (and possibly tcpdump, I
> haven't checked to see if it's out of date or not) imported after 4.9?

I'd like to see this, too.
These are indispensable tools; no NIDS will take the place of actual packet forensics. One thing that seemed possible (unless I was hallucinating) with newer versions of tcpdump is taking a full packet dump and shortening packets before rewriting. So full logs for a week, abbreviated logs for a month, headers only for a year, etc. can be kept online, as in 'tcpdump -r infile -s newsnaplen -w outfile'.
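The tiered-retention idea above (full packets for a week, shorter for a month, headers only for a year) comes down to rewriting a capture with a smaller snaplen. The following is an added example written for this page; it is not code from the post, from tcpdump, or from FreeBSD, and it does not depend on whether tcpdump's -r/-s/-w combination behaves as the poster recalls. It does the same operation in pure Python against the classic libpcap savefile format, validates the length fields so a malformed file raises rather than yielding garbage, and keeps orig_len intact so a later reader can still tell a packet was cut. All function names are this example's own, and the Ethernet/IPv4/UDP frames are constructed sample data, not a real capture.

```python
"""Tiered pcap retention: rewrite a libpcap savefile with a smaller snaplen.

This is an added example, not code from the original post or from tcpdump.
It performs the operation the post describes (tcpdump -r infile -s N -w
outfile) in pure Python against the classic pcap format, so it runs without
tcpdump. The frames below are constructed sample data, not real captures.
"""
import struct

MAGIC_USEC = 0xA1B2C3D4   # classic pcap, microsecond timestamps
MAGIC_NSEC = 0xA1B23C4D   # variant with nanosecond timestamps
GLOBAL_HDR = 24           # size of the file header
RECORD_HDR = 16           # size of each per-packet record header


def _byte_order(magic_bytes):
    """Detect endianness from the magic number; return (struct prefix, magic)."""
    for prefix in ("<", ">"):
        magic = struct.unpack(prefix + "I", magic_bytes)[0]
        if magic in (MAGIC_USEC, MAGIC_NSEC):
            return prefix, magic
    raise ValueError("not a classic pcap file (unrecognised magic)")


def parse_pcap(data):
    """Return (file header dict, list of (ts_sec, ts_frac, orig_len, bytes)).

    Length fields are checked against the file so a malformed or truncated
    capture raises instead of silently yielding garbage records.
    """
    if len(data) < GLOBAL_HDR:
        raise ValueError("truncated file header")
    prefix, magic = _byte_order(data[:4])
    fields = struct.unpack(prefix + "IHHiIII", data[:GLOBAL_HDR])
    hdr = dict(zip(("magic", "vmaj", "vmin", "thiszone", "sigfigs",
                    "snaplen", "linktype"), fields))
    hdr["prefix"] = prefix
    pkts, off = [], GLOBAL_HDR
    while off < len(data):
        if off + RECORD_HDR > len(data):
            raise ValueError("truncated record header at offset %d" % off)
        ts_sec, ts_frac, incl_len, orig_len = struct.unpack(
            prefix + "IIII", data[off:off + RECORD_HDR])
        off += RECORD_HDR
        if incl_len > hdr["snaplen"] or incl_len > orig_len \
                or off + incl_len > len(data):
            raise ValueError("bad record length at offset %d" % off)
        pkts.append((ts_sec, ts_frac, orig_len, data[off:off + incl_len]))
        off += incl_len
    return hdr, pkts


def truncate_pcap(data, new_snaplen):
    """Rewrite `data` so no record carries more than new_snaplen bytes.

    orig_len is left untouched, so a reader can still tell that a packet
    was cut (tcpdump shows such packets with a trailing [|proto] marker).
    """
    hdr, pkts = parse_pcap(data)
    p = hdr["prefix"]
    out = [struct.pack(p + "IHHiIII", hdr["magic"], hdr["vmaj"], hdr["vmin"],
                       hdr["thiszone"], hdr["sigfigs"],
                       min(hdr["snaplen"], new_snaplen), hdr["linktype"])]
    for ts_sec, ts_frac, orig_len, payload in pkts:
        kept = payload[:new_snaplen]
        out.append(struct.pack(p + "IIII", ts_sec, ts_frac, len(kept), orig_len))
        out.append(kept)
    return b"".join(out)


def truncated_records(data):
    """Count records whose captured bytes are fewer than the wire length."""
    _, pkts = parse_pcap(data)
    return sum(1 for _, _, orig_len, payload in pkts if len(payload) < orig_len)


def _udp_frame(payload):
    """Constructed Ethernet/IPv4/UDP frame: 42 header bytes, checksums zeroed."""
    eth = bytes.fromhex("001122334455 66778899aabb 0800")
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 28 + len(payload), 1, 0, 64,
                     17, 0, bytes([10, 0, 0, 1]), bytes([10, 0, 0, 2]))
    udp = struct.pack("!HHHH", 40000, 53, 8 + len(payload), 0)
    return eth + ip + udp + payload


def build_sample_pcap(payloads, prefix="<"):
    """Constructed little- or big-endian pcap (linktype 1 = Ethernet)."""
    hdr = struct.pack(prefix + "IHHiIII", MAGIC_USEC, 2, 4, 0, 0, 65535, 1)
    recs = []
    for i, payload in enumerate(payloads):
        frame = _udp_frame(payload)
        recs.append(struct.pack(prefix + "IIII", 1065674141 + i, 0,
                                len(frame), len(frame)) + frame)   # constructed timestamps
    return hdr + b"".join(recs)


if __name__ == "__main__":
    # Full capture for the short-term tier, then cut to headers only
    # (42 bytes covers Ethernet + IPv4 + UDP here) for the long-term tier.
    full = build_sample_pcap([b"A" * 100, b"B" * 500])
    headers_only = truncate_pcap(full, 42)
    print(len(full), "->", len(headers_only), "bytes;",
          truncated_records(headers_only), "records truncated")
```

The snaplen that counts as "headers only" depends on the link type and the protocols you care about: 42 bytes covers Ethernet/IPv4/UDP, but TCP options, VLAN tags or IPv6 push the useful header boundary out, so pick the tier sizes from your own traffic rather than from this sample. Because orig_len is preserved, truncated_records() gives a quick check that an archived tier really was cut, and by how much, before anyone relies on it as evidence.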