New tcpdump in 8.x

sthaug at nethelp.no sthaug at nethelp.no
Fri Sep 11 22:12:08 UTC 2009


> Who has used tcpdump on FreeBSD 8.x and likes it?  Is it just me or is
> it now far harder to investigate network problems using it?
> 
> Prior to 8.x, the default output includes SEQ number ranges for any
> TCP packets with data, so a 'tcpdump -n' looks like the following and
> it's immediately obvious that there's 2920 bytes of data missing:
...
> The same output on 8.x looks like the following.  Whilst the last ACK
> packet looks anomalous, there's no useful information to analyse further.

I agree that this change is rather unhelpful. However, this is the
default for tcpdump 4.0.0. Thus the choice is between the old tcpdump,
the new one (with bugfixes and more protocol decoding), or possibly
the new one plus local patches. Not an easy choice, is it?

The place to discuss this change is probably the tcpdump-workers list,

    tcpdump-workers at lists.tcpdump.org

Steinar Haug, Nethelp consulting, sthaug at nethelp.no
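
The gap-spotting that the quoted message describes can be automated. The following is an added example, not part of the original post or of tcpdump: it assumes the pre-4.0 `first:last(len)` sequence notation, and the sample lines and the function name `find_gaps` are constructed for illustration.

```python
import re

# Pre-4.0 tcpdump data line (assumed layout):
#   TIME IP src.port > dst.port: FLAGS first:last(len) ack N win W
LINE_RE = re.compile(
    r"IP (?P<src>\S+) > (?P<dst>\S+): \S+ "
    r"(?P<first>\d+):(?P<last>\d+)\((?P<len>\d+)\)"
)

def find_gaps(lines):
    """Return (flow, expected_seq, seen_seq, missing_bytes) for each hole.

    Tracks the highest sequence number seen per direction. A segment that
    starts beyond it means bytes were not captured or not delivered.
    Retransmissions (first < expected) are not reported. Sequence-number
    wraparound is not handled.
    """
    next_seq = {}
    gaps = []
    for line in lines:
        m = LINE_RE.search(line)
        if not m or int(m["len"]) == 0:
            continue  # pure ACKs and zero-length SYN/FIN carry no data
        flow = (m["src"], m["dst"])
        first, last = int(m["first"]), int(m["last"])
        expected = next_seq.get(flow)
        if expected is not None and first > expected:
            gaps.append((flow, expected, first, first - expected))
        next_seq[flow] = last if expected is None else max(expected, last)
    return gaps

# Constructed sample capture: two segments (2920 bytes) are missing.
SAMPLE = [
    "22:10:01.000001 IP 192.0.2.1.80 > 192.0.2.2.51000: . 1:1461(1460) ack 1 win 65535",
    "22:10:01.000150 IP 192.0.2.1.80 > 192.0.2.2.51000: . 1461:2921(1460) ack 1 win 65535",
    "22:10:01.000420 IP 192.0.2.1.80 > 192.0.2.2.51000: . 5841:7301(1460) ack 1 win 65535",
    "22:10:01.000500 IP 192.0.2.2.51000 > 192.0.2.1.80: . ack 2921 win 65535",
]

if __name__ == "__main__":
    for flow, expected, seen, missing in find_gaps(SAMPLE):
        print(f"{flow[0]} > {flow[1]}: expected seq {expected}, "
              f"saw {seen}, {missing} bytes missing")
```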


More information about the freebsd-net mailing list