tcpdump mailing list archives

Re: tcpdump --color ?


From: Michael Richardson <mcr () sandelman ca>
Date: Tue, 15 May 2012 22:30:58 -0400


"Bass" == Bass  <swu4kzi9k4bx () gmail com> writes:
    Bass> Hi, I've been using tcpdump a lot more lately and staring at
    Bass> long streams of packets and was wondering if the tcpdump devs
    Bass> would be willing to add a "--color" option to colorize the
    Bass> different major fields in the output.

Well, you'd have to spell it properly as: "--colour" :-)

    Bass> For example, the timestamp could be one color, the protocol
    Bass> could be a different color, src & dst could be a different
    Bass> color, flags, tcp options, etc.

    Bass> It'd be especially cool and useful if the hex output from -x
    Bass> or -X colorized the different headers of the packet so that
    Bass> the ethernet frame hex values would be all one color, the IP
    Bass> header hex values would be a different color, and the embedded
    Bass> protocol values would be a different color as well.  This
    Bass> would make it very easy to see the start and end of each
    Bass> header in the hex output.

I'm not opposed to it.
I would not want to add a dependency to libncurses though.
Perhaps we can create a utility program that tcpdump invokes,
which uses ncurses to get all the right colour strings. tcpdump
can popen() that and read the results and use them.

The difficult part is sprinkling these all through the code.
It might be easier to sprinkle XML through it...

-- 
]       He who is tired of Weird Al is tired of life!           |  firewalls  [
]   Michael Richardson, Sandelman Software Works, Ottawa, ON    |net architect[
] mcr () sandelman ottawa on ca http://www.sandelman.ottawa.on.ca/ |device driver[
   Kyoto Plus: watch the video <http://www.youtube.com/watch?v=kzx1ycLXQSE>
                       then sign the petition. 
-
This is the tcpdump-workers list.
Visit https://cod.sandelman.ca/ to unsubscribe.
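
The popen() idea from the message above, sketched as an added example that is not part of the original post or of tcpdump's code. The names `read_colour` and `is_sgr` and the helper command are hypothetical; a `printf` one-liner stands in for the ncurses-based helper, and the reader accepts the helper's output only if it is a single SGR colour sequence, since anything else would be written to the terminal verbatim.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L   /* popen(), pclose() */
#endif
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Accept only a CSI SGR sequence: ESC '[' digits or ';' then 'm'. */
static int is_sgr(const char *s, size_t n)
{
    if (n < 3 || s[0] != '\033' || s[1] != '[' || s[n - 1] != 'm')
        return 0;
    for (size_t i = 2; i + 1 < n; i++)
        if (!isdigit((unsigned char)s[i]) && s[i] != ';')
            return 0;
    return 1;
}

/* Run helper_cmd (a fixed string, never built from packet data) and copy
 * its output to out only if it is one valid SGR sequence. Returns 1 on
 * success; otherwise out is "" so the caller prints uncoloured text. */
int read_colour(const char *helper_cmd, char *out, size_t outsz)
{
    char buf[32];
    FILE *p; size_t n;
    if (outsz == 0)
        return 0;
    out[0] = '\0';
    if ((p = popen(helper_cmd, "r")) == NULL)
        return 0;
    n = fread(buf, 1, sizeof(buf), p);
    if (pclose(p) != 0 || n == sizeof(buf))   /* helper failed or too long */
        return 0;
    while (n > 0 && buf[n - 1] == '\n')       /* drop trailing newline */
        n--;
    if (n >= outsz || !is_sgr(buf, n))
        return 0;
    memcpy(out, buf, n);
    out[n] = '\0';
    return 1;
}

int main(void)
{
    char red[16];
    /* Constructed stand-in for the helper: prints the SGR code for red. */
    if (read_colour("printf '\\033[31m'", red, sizeof(red)))
        printf("%sIP%s 10.0.0.1 > 10.0.0.2\n", red, "\033[0m");
}
```

Because popen() runs the command through the shell, the command string has to stay a compile-time constant in a program that normally starts with elevated privileges.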

