Does anyone know what the following at the end of a line of output from #tcpdump means?

[!smtp]

When sniffing SMTP traffic.

The man page on the system says that the following in the same position indicates snap length truncation.

[|smtp]

But the first (unknown) is an exclamation point while the second (snap length) is a pipe character.

I’m having trouble finding a description of what [!smtp] means.

It seems to me that #tcpdump’s SMTP dissector might not be as functional as hoped.

As in possibly nothing more than a stub for future code.

The print-smtp.c file seems to be a skeleton.

Compared to print-http.c which includes HTTP verbs.

The former has a NULL in the function call where the latter has an array of verbs.

So [!smtp] may be a red herring.