Re: Assumptions needed to get the same tcpdump

[Jefferson Ogata <Jefferson.Ogata () noaa gov>]

On 04/12/2006 07:07 AM, Hannes Gredler wrote:
> if your DNS is configured correct on both systems and you don't do any
> site local private adressing then you should get the identical output
> on both systems - if you specifiy the -n flag then tcpdump does not attempt
> to resolve names, you should be fine i.e. identical output irrespective
> how broken your DNS is.

What about differences in /etc/services?

> Latha G wrote:
> > Cann't we expect the output of tcpdump on different systems for the same
> > input file
> > to be same?
> > I am not getting the same output, in the sense it was differencing at the
> > hostnames..I suppose the problem might be DNS lookups,
> > one was using and the other one not.
> > Whether the both systems has to be DNS enabled or disabled?
> > Is this assumption is needed to get the same output?
> > Like wise , are there any other assumptions ? or it is impossible to
> > get the
> > same output on different systems?
> >
> > Thanks in advance.

-- 
Jefferson Ogata <Jefferson.Ogata () noaa gov>
NOAA Computer Incident Response Team (N-CIRT) <ncirt () noaa gov>
"Never try to retrieve anything from a bear."--National Park Service
-
This is the tcpdump-workers list.
Visit https://lists.sandelman.ca/ to unsubscribe.