I was working with tcpdump and tcpslice earlier today, and had a bit of a struggle when I found out that it's not Y2K compliant - it doesn't understand any year beyond 1999. After stating this on a mailing list, it was pointed out that the current source is indeed compliant, but the FreeBSD source is a little out-dated.

Any chance we could get an updated tcpslice (and possibly tcpdump, I haven't checked to see if it's out of date or not) imported after 4.9?

Damian Gerow wrote:
> I was working with tcpdump and tcpslice earlier today, and had a bit of a
> struggle when I found out that it's not Y2K compliant - it doesn't
> understand any year beyond 1999. After stating this on a mailing list, it
> was pointed out that the current source is indeed compliant, but the
> FreeBSD source is a little out-dated.
>
> Any chance we could get an updated tcpslice (and possibly tcpdump, I
> haven't checked to see if it's out of date or not) imported after 4.9?

I'd like to see this, too. These are indispensable tools; no NIDS will take the place of actual packet forensics.

One thing that seemed possible (unless I was hallucinating) with newer versions of tcpdump is taking a full packet dump and shortening packets before rewriting. So, full logs for a week, abbreviated logs for a month, headers only for a year, etc. can be kept online, as in 'tcpdump -r infile -s newsnaplen -w outfile'.
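
The re-snap idea from the message above, as an added example that is not part of the thread and does not depend on how any tcpdump version treats -s together with -r: a Python sketch that rewrites a classic pcap file (not pcapng) with every packet cut to a new snaplen. The names parse, resnap and sample_capture are hypothetical, and the two-packet capture is constructed.

```python
import struct

MAGICS = (0xA1B2C3D4, 0xA1B23C4D)  # classic pcap: microsecond / nanosecond stamps

def parse(data):
    """Return (endian, global header fields, [(ts_sec, ts_frac, orig_len, payload)])."""
    if len(data) < 24:
        raise ValueError("truncated pcap global header")
    for endian in ("<", ">"):  # byte order is whichever makes the magic readable
        if struct.unpack(endian + "I", data[:4])[0] in MAGICS:
            break
    else:
        raise ValueError("not a classic pcap file")
    ghdr = struct.unpack(endian + "IHHiIII", data[:24])
    recs, pos = [], 24
    while pos < len(data):
        if pos + 16 > len(data):
            raise ValueError("truncated record header at offset %d" % pos)
        ts_sec, ts_frac, incl, orig = struct.unpack(endian + "IIII", data[pos:pos + 16])
        if pos + 16 + incl > len(data):
            raise ValueError("truncated packet data at offset %d" % pos)
        recs.append((ts_sec, ts_frac, orig, data[pos + 16:pos + 16 + incl]))
        pos += 16 + incl
    return endian, ghdr, recs

def resnap(data, snaplen):
    """Return a copy of the capture with each packet cut to at most snaplen bytes."""
    if snaplen <= 0:
        raise ValueError("snaplen must be positive")
    endian, ghdr, recs = parse(data)
    magic, vmaj, vmin, zone, sigfigs, old_snap, link = ghdr
    # The file-level snaplen never grows: a re-snap can only drop bytes.
    out = bytearray(struct.pack(endian + "IHHiIII", magic, vmaj, vmin, zone,
                                sigfigs, min(old_snap, snaplen), link))
    for ts_sec, ts_frac, orig, payload in recs:
        kept = payload[:snaplen]
        # orig_len is preserved so the on-the-wire size stays on record.
        out += struct.pack(endian + "IIII", ts_sec, ts_frac, len(kept), orig)
        out += kept
    return bytes(out)

def sample_capture():
    """Constructed two-packet capture (link type 1 = Ethernet, snaplen 65535)."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for ts, size in ((1065700000, 60), (1065700001, 1514)):
        payload = bytes(i % 256 for i in range(size))
        out += struct.pack("<IIII", ts, 0, size, size) + payload
    return out
```

Because orig_len survives the rewrite, byte counts per flow can still be computed from the shortened archive even after the payload is gone.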

If memory serves me right, Damian Gerow wrote:
> I was working with tcpdump and tcpslice earlier today, and had a bit of a
> struggle when I found out that it's not Y2K compliant - it doesn't
> understand any year beyond 1999. After stating this on a mailing list, it
> was pointed out that the current source is indeed compliant, but the
> FreeBSD source is a little out-dated.
>
> Any chance we could get an updated tcpslice (and possibly tcpdump, I
> haven't checked to see if it's out of date or not) imported after 4.9?

There's a newer (Y2K-compliant) version in ports (net/tcpslice). I was talking with Bill Fenner (CC-ed) about the possibility of importing this newer version to the base system but I think both of us had too many other things to deal with. :-p

IMHO, we should either import a newer version to the base system or kill it altogether and rely on the one in ports.

Bruce.