tcpdump mailing list archives

Re: Multi-line output


From: Bill Fenner <fenner () research att com>
Date: Fri, 14 Mar 2003 08:22:34 -0800


Consistency is good, and I applaud the move towards it.  My worry is that
there are certain usage modes of tcpdump that require single-line output,
e.g. "I want to see all the DHCP transactions that involve a host named
forbin" could be "tcpdump -v udp port 67 or udp port 68 | grep forbin".
I agree that when you're studying individual packets, the multi-line
output is significantly easier to read.

I also think that we should think carefully about what information is the
most useful - e.g. how about printing the DHCP message type and the requested
or assigned IP address in the non-verbose mode?  That way a run without -v
still captures some very useful info but does not give the monstrous long
lines that printing all the info does.

Finally, if we're assigning blame, this is partly my fault - if I want
to be providing direction to tcpdump, I should be paying more day-to-day
attention to what's going on.

  Bill
-
This is the TCPDUMP workers list. It is archived at
http://www.tcpdump.org/lists/workers/index.html
To unsubscribe use mailto:tcpdump-workers-request () tcpdump org?body=unsubscribe
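
The grep use case from the message above, worked through as an added example (not part of the original message, and not tcpdump code): an awk filter that folds indented continuation lines back onto the packet line they belong to, so a line-oriented grep returns the whole transaction. The sample input is constructed and simplified rather than real tcpdump output, and the function names `fold_records` and `sample_output` are hypothetical; the assumption is that each packet starts at column 0 and every continuation line starts with whitespace.

```shell
#!/bin/sh
# Added example: make multi-line verbose output usable with grep again.

# Assumption: a new packet record starts at column 0 (the timestamp) and
# every continuation line of that record begins with a space or tab.
fold_records() {
    awk '
        /^[ \t]/ {                      # continuation line
            sub(/^[ \t]+/, "")          # drop the indentation
            if (have) rec = rec " " $0  # append to the current record
            next
        }
        {                               # first line of a new packet
            if (have) print rec         # flush the previous record
            rec = $0
            have = 1
        }
        END { if (have) print rec }     # flush the last record
    '
}

# Constructed sample shaped like multi-line verbose DHCP output.
# It is not a real capture and the field layout is simplified.
sample_output() {
    cat <<'EOF'
08:22:34.100000 IP 0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP, Request from 00:00:5e:00:53:01
    DHCP-Message: Request
    Requested-IP: 192.0.2.10
    Hostname: "forbin"
08:22:35.200000 IP 0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP, Request from 00:00:5e:00:53:02
    DHCP-Message: Discover
    Hostname: "wilson"
EOF
}

# Plain grep: only the hostname line, detached from its packet.
sample_output | grep forbin
# Folded first: the whole transaction on one line.
sample_output | fold_records | grep forbin
```

In live use the filter sits between the capture and the search; the folded lines are as long as the single-line output they stand in for.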

