tcpdump mailing list archives
Re: Assumptions needed to get the same tcpdump
From: Jefferson Ogata <Jefferson.Ogata () noaa gov>
Date: Wed, 12 Apr 2006 12:36:44 -0400
On 04/12/2006 07:07 AM, Hannes Gredler wrote:
if your DNS is configured correct on both systems and you don't do any site local private adressing then you should get the identical output on both systems - if you specifiy the -n flag then tcpdump does not attempt to resolve names, you should be fine i.e. identical output irrespective how broken your DNS is.
What about differences in /etc/services?
Latha G wrote:Cann't we expect the output of tcpdump on different systems for the same input file to be same? I am not getting the same output, in the sense it was differencing at the hostnames..I suppose the problem might be DNS lookups, one was using and the other one not. Whether the both systems has to be DNS enabled or disabled? Is this assumption is needed to get the same output? Like wise , are there any other assumptions ? or it is impossible to get the same output on different systems? Thanks in advance.
-- Jefferson Ogata <Jefferson.Ogata () noaa gov> NOAA Computer Incident Response Team (N-CIRT) <ncirt () noaa gov> "Never try to retrieve anything from a bear."--National Park Service - This is the tcpdump-workers list. Visit https://lists.sandelman.ca/ to unsubscribe.
Current thread:
- Assumptions needed to get the same tcpdump output on different systems? Latha G (Apr 11)
- Re: Assumptions needed to get the same tcpdump Hannes Gredler (Apr 12)
- Re: Assumptions needed to get the same tcpdump Jefferson Ogata (Apr 12)
- Re: Assumptions needed to get the same tcpdump Hannes Gredler (Apr 12)