tcpdump help
John Chambers
jc at trillian.mit.edu
Thu Feb 28 12:38:13 EST 2002

Matt wrote:
| On Wed, 27 Feb 2002, Ron Peterson wrote:
|
| > I'm getting the hang of it now. I also found "promiscuous" mode - which is
| > how I was expecting tcpdump to operate by default. That was what was
| > confusing me.
|
| Be careful with this. tcpdump has changed behavior at least two times
| in as many years. Originally it would set the interface to promiscuous,
| and '-p' told it not to. Then it was changed, somewhere around v3.4, so
| that it didn't force promiscuous UNLESS you used '-p'. Now, at version
| 3.6 (RedHat 7.2), the original behavior is back. The bright side is that
| through the changes the man page has been an accurate reference.

Jeez; you'd think people would have caught on to how to handle this
problem by now. Something that was discussed at least 20 years ago,
and is only now starting to appear: Lots of unix tools have always
used both '-' and '+' for various flags. We oughta standardize on the
idea that '-' means "negative" (or "no") and '+' means "positive" (or
"yes") whenever such a concept applies. This isn't exactly a real
sophisticated idea; the concept has been taught in grade school for a
few centuries now.

This would mean that for tcpdump, -p would mean non-promiscuous mode,
and +p would mean promiscuous mode. Then the dummies at the vendors'
sites could make the default whatever they like, and users could just
learn to use the -p or +p options to overcome the vendors' attempts
to make the default useless.

This could very well be done with tcpdump now. Since we have versions
out that reverse the meaning of tcpdump's -p option, the -p option is
now in fact useless. It's a perfect opportunity for someone to step
in and implement the -p/+p options as above, and present it as the
solution to the whole mess. Once this new version spreads, the
problems would be fixed.

(For a really funny example of this mess, look at "man xterm". Most
of xterm's options come in a '-' and '+' form. Half of them use the
"- is negative, + is positive" approach; the other half use "+ is
negative, - is positive". It's hard to imagine how anyone smart
enough to work on xterm in the first place could have so totally
botched the job of handling options, but they've managed. ;-)

(And when people make too many claims about the great intelligence of
unix geeks, I like to present this issue as a counterexample. It's
not like "- means negative, + means positive" is any great technical
secret that's too complex for anyone but an Einstein to understand.
What appears to be the case is that a lot of unix software was
written by people with so little mathematical education that they
don't even understand this idea. Reading the occasional usenet
discussions of the topic goes a long way towards disabusing readers
of the level of mathematical understanding in the software field.)

It's all as annoying as hell to those of us trying to write portable
shell scripts. And it really interferes with trying to write good
install and config scripts.