From owner-freebsd-net@FreeBSD.ORG Fri Sep 11 22:12:08 2009
Delivered-To: freebsd-net@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id 9EDCB106566B
	for ; Fri, 11 Sep 2009 22:12:08 +0000 (UTC)
	(envelope-from sthaug@nethelp.no)
Received: from bizet.nethelp.no (bizet.nethelp.no [195.1.209.33])
	by mx1.freebsd.org (Postfix) with SMTP id E45C28FC0C
	for ; Fri, 11 Sep 2009 22:12:07 +0000 (UTC)
Received: (qmail 27622 invoked from network); 11 Sep 2009 22:12:05 -0000
Received: from bizet.nethelp.no (HELO localhost) (195.1.209.33)
	by bizet.nethelp.no with SMTP; 11 Sep 2009 22:12:05 -0000
Date: Sat, 12 Sep 2009 00:12:05 +0200 (CEST)
Message-Id: <20090912.001205.74713342.sthaug@nethelp.no>
To: peterjeremy@acm.org
From: sthaug@nethelp.no
In-Reply-To: <20090911215006.GA31432@server.vk2pj.dyndns.org>
References: <20090911215006.GA31432@server.vk2pj.dyndns.org>
X-Mailer: Mew version 3.3 on Emacs 21.3 / Mule 5.0 (SAKAKI)
Mime-Version: 1.0
Content-Type: Text/Plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Cc: freebsd-net@freebsd.org
Subject: Re: New tcpdump in 8.x
X-BeenThere: freebsd-net@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: Networking and TCP/IP with FreeBSD
X-List-Received-Date: Fri, 11 Sep 2009 22:12:08 -0000

> Who has used tcpdump on FreeBSD 8.x and likes it? Is it just me or is
> it now far harder to investigate network problems using it?
>
> Prior to 8.x, the default output includes SEQ number ranges for any
> TCP packets with data, so a 'tcpdump -n' looks like the following and
> it's immediately obvious that there's 2920 bytes of data missing:
...
> The same output on 8.x looks like the following. Whilst the last ACK
> packet looks anomalous, there's no useful information to analyse further.

I agree that this change is rather unhelpful.
However, this is the default for tcpdump 4.0.0. Thus the choice is
between the old tcpdump, the new one (with bugfixes and more protocol
decoding), or possibly the new one plus local patches. Not an easy
choice, is it?

The place to discuss this change is probably the tcpdump-workers list,
tcpdump-workers@lists.tcpdump.org

Steinar Haug, Nethelp consulting, sthaug@nethelp.no