Re: [tcpdump-workers] proposed change: make tcpdump -n and tcpdump -nn behave differently

Sun, 04 Nov 2018 07:32:40 -0800 

Hello,

On Tue, Oct 30, 2018 at 09:48:13AM +0000, Denis Ovsienko wrote:
> At https://github.com/the-tcpdump-group/tcpdump/pull/702 there is a simple 
> proposed change, which seems to be an improvement:
> -------------------------
> Subject: Introduce -nn option
> 
> This changes the semantics on -n option so only namelookups are skipped. Port
> numbers *are* translated to their string representations. Option -nn then has
> the same semantics as -n had originally.
> 
> This is a partial upstreaming of tcpdump-4.9.2-3 used in CentOs 7.5.
> -------------------------
> 
> If anybody sees how this change isn't an improvement, please make your point 
> on the list.

I'm not so much for changing the behaviour of -n without good cause - using -n 
frequently between
systems with different versions of tcpdump will likely force me to time and 
again type the command
and then rerun it with the correct option.
Maybe doing it the way Wireshark/tshark does it makes more sense, i.e. modify 
-N to add the
specific things to resolve and with no qualifiers keep the original behaviour.

---- excerpt from man tshark ---------------
       -N  <name resolving flags>
           Turn on name resolving only for particular types of addresses and 
port numbers, with name
           resolving for other types of addresses and port numbers turned off.  
This option overrides -n if
           both -N and -n are present.  If both -N and -n options are not 
present, all name resolutions are
           turned on.

           The argument is a string that may contain the letters:

           d to enable resolution from captured DNS packets

           m to enable MAC address resolution

           n to enable network address resolution

           N to enable using external resolvers (e.g., DNS) for network address 
resolution

           t to enable transport-layer port number resolution

           v to enable VLAN IDs to names resolution
-------------------------------------------------

Kind regards
   Jörg

-- 
Joerg Mayer                                           <jma...@loplof.de>
We are stuck with technology when what we really want is just stuff that
works. Some say that should read Microsoft instead of technology.
_______________________________________________
tcpdump-workers mailing list
tcpdump-workers@lists.tcpdump.org
https://lists.sandelman.ca/mailman/listinfo/tcpdump-workers

Reply via email to