tcpdump mailing list archives

Re: about this mailing list


From: Guy Harris <guy () alum mit edu>
Date: Wed, 11 Jun 2008 19:57:38 -0700


On Jun 11, 2008, at 7:32 PM, Michael Bernstein wrote:

I think mainly all IPS/IDS are based on TCPdump filters and translation into IDS rules.

I don't think that's the case, at least if it's "all IPS/IDS" rather than "most IPS/IDS". A quick look at the "community" rules for Snort CURRENT seems to indicate that you can, for example, do PCRE (Perl-Compatible Regular Expression) matching in rules (see community-imap.rules), which is more than can be done with BPF's simple capabilities (which were conceived with the goal that a simple in-kernel interpreter can execute BPF programs, allowing packets to be discarded before being copied up to the application). I suspect not even "most IPS/IDS" limit their packet inspection to what can be done with a BPF program.

What is it that this tcpdump-workers list aims at? What are you trying to achieve that TCPdump doesn't already address in the program?

If by "the program" you mean "the computer program named 'tcpdump'", then one thing this list is trying to achieve is the same thing that *any* mailing list about *any* piece of software tries to achieve - provide a place where users can ask questions of other users of the program, as well as the developers of the program, questions about how to use the program, questions about why the program behaves in a particular way, and the like.

It's also a place where developers can ask other developers about the right way to add new features or fix bugs (with Wireshark, for example, there are separate wireshark-users and wireshark-dev lists; there's only one list for tcpdump, which is used for both).

In addition, because the original developers of tcpdump took its low-level traffic capture code and put it into the libpcap library, and the current developers also develop libpcap, and because no libpcap mailing list has been created, it's also a list for people writing programs that use libpcap, as well as for people working on libpcap.
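The distinction drawn above, between what a BPF filter can test (fixed header fields, cheaply, before the packet is copied to user space) and what an IDS rule with PCRE can do (a regex over the payload), can be shown as a two-stage inspector. This is an added example, not code from the thread or from tcpdump, libpcap or Snort; the frame builder, the placeholder addresses and the IMAP-style payload rule are constructed for the demonstration.

```python
import re
import struct

# Constructed placeholder addresses; not from the thread.
SRC_IP, DST_IP = bytes([10, 0, 0, 1]), bytes([10, 0, 0, 2])

def build_frame(src_port, dst_port, payload):
    """Build a minimal Ethernet/IPv4/TCP frame (constructed test input)."""
    eth = b"\x00" * 12 + struct.pack("!H", 0x0800)            # EtherType IPv4
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40 + len(payload),
                     0, 0, 64, 6, 0, SRC_IP, DST_IP)           # proto 6 = TCP
    tcp = struct.pack("!HHIIBBHHH", src_port, dst_port, 0, 0,
                      5 << 4, 0x18, 65535, 0, 0)               # data offset 5
    return eth + ip + tcp + payload

def header_filter(frame, dst_port):
    """Stage 1, what a BPF program can do: test fixed header fields only,
    like 'tcp dst port N'; the payload is never examined."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00":
        return False
    if frame[23] != 6:                                         # IPv4 protocol
        return False
    tcp_off = 14 + (frame[14] & 0x0F) * 4
    if len(frame) < tcp_off + 4:
        return False
    return struct.unpack("!H", frame[tcp_off + 2:tcp_off + 4])[0] == dst_port

def tcp_payload(frame):
    tcp_off = 14 + (frame[14] & 0x0F) * 4
    return frame[tcp_off + (frame[tcp_off + 12] >> 4) * 4:]

# Stage 2, beyond BPF: a regex over the payload. Constructed rule that flags
# an IMAP LOGIN whose first argument is implausibly long.
PAYLOAD_RULE = re.compile(rb"^\S+ LOGIN \S{200,}", re.IGNORECASE)

def inspect(frames, dst_port, rule=PAYLOAD_RULE):
    """Return (matching payloads, number of frames the cheap stage dropped
    before any payload inspection happened)."""
    matched, dropped_early = [], 0
    for frame in frames:
        if not header_filter(frame, dst_port):
            dropped_early += 1
            continue
        payload = tcp_payload(frame)
        if rule.search(payload):
            matched.append(payload)
    return matched, dropped_early
```

In a real deployment the first stage is the filter string handed to libpcap and run in the kernel; only frames it accepts reach the process that runs the second stage.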