Date: Sat, 12 Sep 2009 00:12:05 +0200 (CEST)
From: sthaug@nethelp.no
To: peterjeremy@acm.org
Cc: freebsd-net@freebsd.org
Subject: Re: New tcpdump in 8.x
Message-ID: <20090912.001205.74713342.sthaug@nethelp.no>
In-Reply-To: <20090911215006.GA31432@server.vk2pj.dyndns.org>
References: <20090911215006.GA31432@server.vk2pj.dyndns.org>

> Who has used tcpdump on FreeBSD 8.x and likes it? Is it just me or is
> it now far harder to investigate network problems using it?
>
> Prior to 8.x, the default output includes SEQ number ranges for any
> TCP packets with data, so a 'tcpdump -n' looks like the following and
> it's immediately obvious that there's 2920 bytes of data missing:
...
> The same output on 8.x looks like the following. Whilst the last ACK
> packet looks anomalous, there's no useful information to analyse further.

I agree that this change is rather unhelpful. However, this is the
default for tcpdump 4.0.0. Thus the choice is between the old tcpdump,
the new one (with bugfixes and more protocol decoding), or possibly
the new one plus local patches. Not an easy choice, is it?

The place to discuss this change is probably the tcpdump-workers list,
tcpdump-workers@lists.tcpdump.org

Steinar Haug, Nethelp consulting, sthaug@nethelp.no