tcpdump mailing list archives

Re: proposed change: make tcpdump -n and tcpdump -nn behave differently

From: Joerg Mayer <jmayer () loplof de>
Date: Sun, 4 Nov 2018 16:31:35 +0100

Hello,

On Tue, Oct 30, 2018 at 09:48:13AM +0000, Denis Ovsienko wrote:

At https://github.com/the-tcpdump-group/tcpdump/pull/702 there is a simple proposed change, which seems to be an 
improvement:
-------------------------
Subject: Introduce -nn option

This changes the semantics on -n option so only namelookups are skipped. Port
numbers *are* translated to their string representations. Option -nn then has
the same semantics as -n had originally.

This is a partial upstreaming of tcpdump-4.9.2-3 used in CentOs 7.5.
-------------------------

If anybody sees how this change isn't an improvement, please make your point on the list.


I'm not so much for changing the behaviour of -n without good cause - using -n frequently between
systems with different versions of tcpdump will likely force me to time and again type the command
and then rerun it with the correct option.
Maybe doing it the way Wireshark/tshark does it makes more sense, i.e. modify -N to add the
specific things to resolve and with no qualifiers keep the original behaviour.

---- excerpt from man tshark ---------------
       -N  <name resolving flags>
           Turn on name resolving only for particular types of addresses and port numbers, with name
           resolving for other types of addresses and port numbers turned off.  This option overrides -n if
           both -N and -n are present.  If both -N and -n options are not present, all name resolutions are
           turned on.

           The argument is a string that may contain the letters:

           d to enable resolution from captured DNS packets

           m to enable MAC address resolution

           n to enable network address resolution

           N to enable using external resolvers (e.g., DNS) for network address resolution

           t to enable transport-layer port number resolution

           v to enable VLAN IDs to names resolution
-------------------------------------------------

Kind regards
   Jörg

-- 
Joerg Mayer                                           <jmayer () loplof de>
We are stuck with technology when what we really want is just stuff that
works. Some say that should read Microsoft instead of technology.
_______________________________________________
tcpdump-workers mailing list
tcpdump-workers () lists tcpdump org
https://lists.sandelman.ca/mailman/listinfo/tcpdump-workers

Current thread:

proposed change: make tcpdump -n and tcpdump -nn behave differently Denis Ovsienko (Oct 30)
- Re: proposed change: make tcpdump -n and tcpdump -nn behave differently Rick Jones (Oct 30)
- Re: proposed change: make tcpdump -n and tcpdump -nn behave differently Joerg Mayer (Nov 04)