Add tcpdump.cfg

[jtpereyda]

Add a tcpdump.cfg to builtin configs. Tested with various permutations of -v, -e, -n, -S, -X.

Color design notes:

1. The IP and Ethernet address colors are based on ip address --color. It also matches the IP color in ping.cfg.
2. I didn't find any precedent for port number color, though blue seemed to go nicely with the magenta.
3. The faint timestamp feels like a nice balance to me. It sort of highlights the start of the packet (helpful for multi-line packets) without drawing too much visual attention to itself. I tried bold but that seemed to add visual clutter.

Known limitations:

1. Only the default timestamp format is supported.
2. Transport layer protocols besides TCP and UDP not supported.
3. Network layer protocols besides IPv4 and IPv6 not tested.
4. Ditto for unusual link-layer protocols.

As an aside: More expressive filters could help this config; there are a few hacks to make it work right now. If one could configure overlapping patterns, that would help a lot. A major trouble is that after colors are added, the same expression cannot be used in a lookbehind -- apparently because the ANSI color codes are now inserted into the string.

[nicoulaj]

Thanks!

As an aside: More expressive filters could help this config; there are a few hacks to make it work right now. If one could configure overlapping patterns, that would help a lot. A major trouble is that after colors are added, the same expression cannot be used in a lookbehind -- apparently because the ANSI color codes are now inserted into the string.

Yes, I planned to rethink revamp the syntax for configs but can't find the time. There are several related issues: #2 #63 #64 #67