tcpdump mailing list archives
Re: Multi-line output
From: Bill Fenner <fenner () research att com>
Date: Fri, 14 Mar 2003 08:22:34 -0800
Consistency is good, and I applaud the move towards it. My worry is that there are certain usage modes of tcpdump that require single-line output, e.g. "I want to see all the DHCP transactions that involve a host named forbin" could be "tcpdump -v udp port 67 or udp port 68 | grep forbin". I agree that when you're studying individual packets, the multi-line output is significantly easier to read. I also think that we should think carefully about what information is the most useful - e.g. how about printing the DHCP message type and the requested or assigned IP address in the non-verbose mode? That way a run without -v still captures some very useful info but does not give the monstrous long lines that printing all the info does. Finally, if we're assigning blame, this is partly my fault - if I want to be providing direction to tcpdump, I should be paying more day to day attention to what's going on. Bill - This is the TCPDUMP workers list. It is archived at http://www.tcpdump.org/lists/workers/index.html To unsubscribe use mailto:tcpdump-workers-request () tcpdump org?body=unsubscribe
Current thread:
- Multi-line output Bill Fenner (Mar 12)
- Re: Multi-line output Guy Harris (Mar 12)
- Re: Multi-line output Hannes Gredler (Mar 14)
- Re: Multi-line output Bill Fenner (Mar 14)