On Sat, Sep 12, 2009 at 12:12:05AM +0200, sth...@nethelp.no wrote: > > Who has used tcpdump on FreeBSD 8.x and likes it? Is it just me or is > > it now far harder to investigate network problems using it? > > > > Prior to 8.x, the default output includes SEQ number ranges for any > > TCP packets with data, so a 'tcpdump -n' looks like the following and > > it's immediately obvious that there's 2920 bytes of data missing: > ... > > The same output on 8.x looks like the following. Whilst the last ACK > > packet looks anomolous, there's no useful information to analyse further. > > I agree that this change is rather unhelpful. However, this is the > default for tcpdump 4.0.0. Thus the choice is between the old tcpdump, > the new one (with bugfixes and more protocol decoding), or possibly > the new one plus local patches. Not an easy choice, is it?
While I agree with the original poster that you are missing some data, I also agree that talking to the "vendors" of tcpdump is a better way. Peter, if you are keen on it, submit a port (net/tcpdump39) which gives you the old functionality and alert me about it. Edwin, who at least now knows why tcpdump on 8.0B3 did look so trange. -- Edwin Groothuis Website: http://www.mavetju.org/ ed...@mavetju.org Weblog: http://www.mavetju.org/weblog/ _______________________________________________ freebsd-net@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-net To unsubscribe, send any mail to "freebsd-net-unsubscr...@freebsd.org"
