Re: forces (and sctp) patch

[sthaug () nethelp no]

>     Darren> I'm curious about what the motivation is for splitting the
>     Darren> timestamp and packet data onto separate lines is.
>
>   I think it just kinda happened.
>   I would have to go back and look at who did what...  I think that it
> does not occur in IP/TCP, but it does in IP/SCTP.

Here's my problem. TCP example from tcpdump 3.9.8 (no -v option):

14:11:02.591440 IP 193.75.4.2.57376 > 193.75.110.78.519: P 82:556(474) ack 21 win 8326 <nop,nop,timestamp 170368184 
3051255673>
14:11:02.711436 IP 193.75.4.2.57376 > 193.75.110.78.519: . ack 121 win 8326 <nop,nop,timestamp 170368304 3051257051>

Same TCP example for tcpdump 4.0.0 (no -v option):

14:11:02.591440 IP 193.75.4.2.57376 > 193.75.110.78.519: Flags [P.], ack 21, win 8326, options [nop,nop,TS val 
170368184 ecr 3051255673], length 474
14:11:02.711436 IP 193.75.4.2.57376 > 193.75.110.78.519: Flags [.], ack 121, win 8326, options [nop,nop,TS val 
170368304 ecr 3051257051], length 0

Note that the info about TCP sequence numbers is gone. We can get the
sequence numbers with the -v option:

14:11:02.591440 IP (tos 0x0, ttl 61, id 56912, offset 0, flags [DF], proto TCP (6), length 526)
    193.75.4.2.57376 > 193.75.110.78.519: Flags [P.], cksum 0xc12f (correct), ack 21, win 8326, options [nop,nop,TS val 
170368184 ecr 3051255673], length 474
14:11:02.711436 IP (tos 0x0, ttl 61, id 56916, offset 0, flags [DF], proto TCP (6), length 52)
    193.75.4.2.57376 > 193.75.110.78.519: Flags [.], cksum 0x19ff (correct), ack 121, win 8326, options [nop,nop,TS val 
170368304 ecr 3051257051], length 0

but that also gives us the multi-line format. My claim is that the 3.9.8
format is much preferable (gives me more relevant info) in the face of no
-v option.

Steinar Haug, Nethelp consulting, sthaug () nethelp no
-
This is the tcpdump-workers list.
Visit https://cod.sandelman.ca/ to unsubscribe.