 |
Home
| Calendar
| Mail Lists
| List Archives
| Desktop SIG
| Hardware Hacking SIG
Wiki | Flickr | PicasaWeb | Video | Maps & Directions | Installfests | Keysignings Linux Cafe | Meeting Notes | Blog | Linux Links | Bling | About BLU |
|
Home
| Calendar
| Mail Lists
| List Archives
| Desktop SIG
| Hardware Hacking SIG
Wiki | Flickr | PicasaWeb | Video | Maps & Directions | Installfests | Keysignings Linux Cafe | Meeting Notes | Blog | Linux Links | Bling | About BLU |
Matt wrote: | On Wed, 27 Feb 2002, Ron Peterson wrote: | | > I'm getting the hang of it now. I also found "promiscuous" mode - which is | > how I was expecting tcpdump to operate by default. That was what was | > confusing me. | | Be careful with this. tcpdump has changed behavior at least two times | in as many years. Originally it would set the interface to promiscuous, | and '-p' told it not to. Then it was changed, somewhere around v3.4, so | that it didn't force promiscuous UNLESS you used '-p'. Now, at version | 3.6 (RedHat 7.2), the original behavior is back. The bright side is that | through the changes the man page has been an accurate reference. Jeez; you'd think people would have caught on to how to handle this problem by now. Something that was discussed at least 20 years ago, and is only now starting to appear: Lots of unix tools have always used both '-' and '+' for various flags. We oughta standardize on the idea that '-' means "negative" (or "no") and '+' means "positive" (or "yes") whenever such a concept applies. This isn't exactly a real sophisticated idea; the concept has been taught in grade school for a few centuries now. This would mean that for tcpdump, -p would mean non-promiscuous mode, and +p would mean promiscuous mode. Then the dummies at the vendors' sites could make the default whatever they like, and users could just learn to use the -p or +p options to overcome the vendors' attempts to make the default useless. This could very well be done with tcpdump now. Since we have versions out that reverse the meaning of tcpdump's -p option, the -p option is now in fact useless. It's a perfect opportunity for someone to step in and implement the -p/+p options as above, and present it as the solution to the whole mess. Once this new version spreads, the problems would be fixed. (For a really funny example of this mess, look at "man xterm". Most of xterm's options come in a '-' and '+' form. Half of them use the "- is negative, + is positive" approach; the other half use "+ is negagive, - is positive". It's hard to imagine how anyone smart enough to work on xterm in the first place could have so totally botched the job of handling options, but they've managed. ;-) (And when people make too many claims about the great intelligence of unix geeks, I like to present this issue as a counterexample. It's not like "- means negative, + means positive" is any great technical secret that's too complex for anyone but an Einstein to understand. What appears to be the case is that a lot of unix software was written by people with so little mathematical education that they don't even understand this idea. Reading the occasional usenet discussions of the topic goes a long way towards disabusing readers of the level of mathematical understanding in the software field.) It's all as annoying as hell to those of us trying to write portable shell scripts. And it really interferes with trying to write good install and config scripts.
 |
|
| BLU is a member of BostonUserGroups | |
| We also thank MIT for the use of their facilities. | |
