fix bug for issue #1862, that is with new posts today.

[MaoJianwei]

Improve the method to recognize tcpdump existence, covering more output cases in which tcpdump does not support '--version' option
Issue link:
#1862 (comment)

fixes #1862 with new posts today.

[MaoJianwei]

Can we re-trigger the CI checking?

[guedou]

@MaoJianwei which OS/distribution are you using?

[MaoJianwei]

Kernel 3.10，Red Hat 4.8 @guedou

[guedou]

4.8 or 5.8 ?

Could you share the full output of tcpdump --version? Thanks

[MaoJianwei]

4.8 , I got it from cat /proc/version

the output is mentioned at #1862 by me, as follow:

tcpdump: unrecognized option '--version'
tcpdump version 4.5.1
libpcap version 1.5.3
Usage: tcpdump [-aAbdDefhHIJKlLnNOpqRStuUvxX] [ -B size ] [ -c count ]
                [ -C file_size ] [ -E algo:secret ] [ -F file ] [ -G seconds ]
                [ -i interface ] [ -j tstamptype ] [ -M secret ]
                [ -P in|out|inout ]
                [ -r file ] [ -s snaplen ] [ -T type ] [ -V file ] [ -w file ]
                [ -W filecount ] [ -y datalinktype ] [ -z command ]
                [ -Z user ] [ expression ]

And, this commit works for my server :) @guedou

[guedou]

This line is longer than 79 characters. Please split it.

[MaoJianwei]

I have fixed this, please review again, thanks :)

[codecov]

Codecov Report

Merging #2255 into master will decrease coverage by 0.68%.
The diff coverage is 100%.

@@            Coverage Diff             @@
##           master    #2255      +/-   ##
==========================================
- Coverage   85.62%   84.94%   -0.69%     
==========================================
  Files         235      235              
  Lines       49046    49144      +98     
==========================================
- Hits        41997    41746     -251     
- Misses       7049     7398     +349

Impacted Files	Coverage Δ
scapy/arch/common.py	90.8% <100%> (ø)	⬆️
scapy/arch/bpf/supersocket.py	27.77% <0%> (-50.01%)	⬇️
scapy/layers/dhcp6.py	64.18% <0%> (-21.56%)	⬇️
scapy/contrib/openflow.py	78.39% <0%> (-10.42%)	⬇️
scapy/arch/bpf/core.py	81.37% <0%> (-5.89%)	⬇️
scapy/contrib/ethercat.py	93.83% <0%> (-4.33%)	⬇️
scapy/autorun.py	78.51% <0%> (-4.14%)	⬇️
scapy/contrib/homeplugav.py	90.52% <0%> (-1.95%)	⬇️
scapy/contrib/automotive/obd/mid/mids.py	98.37% <0%> (-1.63%)	⬇️
scapy/contrib/http2.py	95.48% <0%> (-1.32%)	⬇️
... and 6 more

[MaoJianwei]

I have fixed this, please review again, thanks :) @guedou

[p-l-]

flake8 fails

[p-l-]

Suggested change

	or output.startswith(b'Usage: tcpdump ') \
	or output.startswith(b'Usage: tcpdump ') \

[p-l-]

Suggested change

	or output.startswith(b'tcpdump: unrecognized option')
	or output.startswith(b'tcpdump: unrecognized option')

[MaoJianwei]

ok, I have fixed it, please review again, thanks :)

[MaoJianwei]

ok, I have fixed it, please review again, thanks :) @p-l-

[rafajot]

I think on my OS it's not going to work:

# cat /etc/redhat-release
CentOS release 6.10 (Final)
# tcpdump --version
tcpdump version 4.1-PRE-CVS_2017_03_21
libpcap version 1.4.0
Usage: tcpdump [-aAdDefhIJKlLnNOpqRStuUvxX] [ -B size ] [ -c count ]
                [ -C file_size ] [ -E algo:secret ] [ -F file ] [ -G seconds ]
                [ -i interface ] [ -j tstamptype ] [ -M secret ]
                [ -Q|-P in|out|inout ]
                [ -r file ] [ -s snaplen ] [ -T type ] [ -w file ]
                [ -W filecount ] [ -y datalinktype ] [ -z command ]
                [ -Z user ] [ expression ]
#

[KingsleyXie]

Got the same problem and similar output with rafajot on CentOS, tcpdump command returns 1 and the output does not meet with current check logic:

# cat /etc/redhat-release
CentOS Linux release 6.2 (Final)

# tcpdump --version
tcpdump version 4.1-PRE-CVS_2012_03_26
libpcap version 1.0.0
Usage: tcpdump [-aAdDefIKlLnNOpqRStuUvxX] [ -B size ] [ -c count ]
                [ -C file_size ] [ -E algo:secret ] [ -F file ] [ -G seconds ]
                [ -i interface ] [ -M secret ] [ -r file ]
                [ -s snaplen ] [ -T type ] [ -w file ] [ -W filecount ]
                [ -y datalinktype ] [ -z command ] [ -Z user ]
                [ expression ]

# echo $?
1

So one more condition or output.startswith(b'tcpdump version') \ should be added or maybe just consider changing the check logic, will 'Usage: tcpdump' in output be better for this?

[guedou]

PR #2320 fixes the CentOS issues.