tcpslice out of date

Michael Sierchio kudzu at tenebras.com
Wed Oct 8 21:35:45 PDT 2003


Damian Gerow wrote:
> I was working with tcpdump and tcpslice earlier today, and had a bit of a
> struggle when I found out that it's not Y2K compliant - it doesn't
> understand any year beyond 1999.  After stating this on a mailing list, it
> was pointed out that the current source is indeed compliant, but the
> FreeBSD source is a little out-dated.
> 
> Any chance we could get an updated tcpslice (and possibly tcpdump, I
> haven't checked to see if it's out of date or not) imported after 4.9?

I'd like to see this, too.  These are indispensable tools; no NIDS
will take the place of actual packet forensics.

One thing that seemed possible (unless I was hallucinating) with
newer versions of tcpdump is taking a full packet dump and shortening
packets before rewriting.  So, full logs for a week, abbreviated logs
for a month, headers only for a year, etc. can be kept online.

as in 'tcpdump -r infile -s newsnaplen -w outfile'
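
The snaplen reduction described above, shown at the file-format level as an added example (not part of the original post, and not tcpdump's own code). It assumes a little-endian, microsecond-resolution classic pcap file; the function names and the sample capture are constructed for illustration.

```python
import struct

# Classic pcap layout: 24-byte global header, then a 16-byte header per packet.
PCAP_GLOBAL = struct.Struct("<IHHiIII")  # magic, major, minor, thiszone, sigfigs, snaplen, linktype
PCAP_RECORD = struct.Struct("<IIII")     # ts_sec, ts_usec, incl_len (bytes stored), orig_len (bytes on wire)
MAGIC_LE = 0xA1B2C3D4

def truncate_pcap(data: bytes, new_snaplen: int) -> bytes:
    """Return a copy of the capture with every packet cut to at most new_snaplen bytes."""
    if new_snaplen <= 0:
        raise ValueError("snaplen must be positive")
    magic, major, minor, zone, sigfigs, snaplen, linktype = PCAP_GLOBAL.unpack_from(data, 0)
    if magic != MAGIC_LE:
        raise ValueError("not a little-endian microsecond pcap file")
    out = bytearray(PCAP_GLOBAL.pack(magic, major, minor, zone, sigfigs,
                                     min(snaplen, new_snaplen), linktype))
    off = PCAP_GLOBAL.size
    while off < len(data):
        if off + PCAP_RECORD.size > len(data):
            raise ValueError("truncated record header")
        ts_sec, ts_usec, incl_len, orig_len = PCAP_RECORD.unpack_from(data, off)
        off += PCAP_RECORD.size
        payload = data[off:off + incl_len]
        if len(payload) != incl_len:
            raise ValueError("truncated packet data")
        off += incl_len
        kept = payload[:new_snaplen]
        # orig_len is preserved, so the original wire size stays available for forensics.
        out += PCAP_RECORD.pack(ts_sec, ts_usec, len(kept), orig_len) + kept
    return bytes(out)

def record_lengths(data: bytes) -> list:
    """List (incl_len, orig_len) for each packet record in a capture."""
    off, lengths = PCAP_GLOBAL.size, []
    while off < len(data):
        _, _, incl_len, orig_len = PCAP_RECORD.unpack_from(data, off)
        lengths.append((incl_len, orig_len))
        off += PCAP_RECORD.size + incl_len
    return lengths

def build_sample() -> bytes:
    """Constructed two-packet capture with dummy payload bytes (linktype 1 = Ethernet)."""
    blob = PCAP_GLOBAL.pack(MAGIC_LE, 2, 4, 0, 0, 65535, 1)
    for sec, usec, body in [(1000000000, 0, bytes(range(100))), (1000000001, 500, bytes(40))]:
        blob += PCAP_RECORD.pack(sec, usec, len(body), len(body)) + body
    return blob

if __name__ == "__main__":
    print(record_lengths(truncate_pcap(build_sample(), 54)))
```

Truncation is one-way: a file cut to headers only still records each packet's original length, but the payload bytes cannot be recovered from it.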



More information about the freebsd-stable mailing list