author | Guy Harris <guy@alum.mit.edu> | 2010-01-22 04:43:07 +0000 |
---|---|---|
committer | Guy Harris <guy@alum.mit.edu> | 2010-01-22 04:43:07 +0000 |
commit | 1a51e034090e7dcfa128c57d3313ae7f72e99c66 (patch) | |
tree | e3975a0d1493a00b247c0ec7ebdccd11f53c9d68 /docbook/wsug_src | |
parent | 093885ecf97cf6c321720764db1a8e596458145a (diff) |
Clarify tcpdump's default snapshot length a bit - and recommend 65535 as
the argument to "-s" (1500 is too small even for Ethernet, as the
maximum size of packets on Ethernet is 1514 bytes if you don't count the
FCS and 1518 bytes if you do).
svn path=/trunk/; revision=31615
Diffstat (limited to 'docbook/wsug_src')
-rw-r--r-- | docbook/wsug_src/WSUG_app_tools.xml | 8 |
1 files changed, 4 insertions, 4 deletions
diff --git a/docbook/wsug_src/WSUG_app_tools.xml b/docbook/wsug_src/WSUG_app_tools.xml index 0e6074bd1f..f8229817ff 100644 --- a/docbook/wsug_src/WSUG_app_tools.xml +++ b/docbook/wsug_src/WSUG_app_tools.xml @@ -37,14 +37,14 @@ </para> <para> However, the default <command>tcpdump</command> parameters result in a - capture file where each packet is truncated, because - <command>tcpdump</command>, by default, only captures the first 68 - bytes of each packet. + capture file where each packet is truncated, because most versions of + <command>tcpdump</command>, will, by default, only capture the first + 68 or 96 bytes of each packet. </para> <para> To ensure that you capture complete packets, use the following command: <programlisting> -tcpdump -i <interface> -s 1500 -w <some-file> +tcpdump -i <interface> -s 65535 -w <some-file> </programlisting> You will have to specify the correct <command>interface</command> and the name of a <command>file</command> to save into. In addition, |
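Review bot: In the first changed paragraph, the new sentence "most versions of <command>tcpdump</command>, will, by default, only capture" has a stray comma after </command> that separates the subject from its verb. Drop it so the sentence reads "most versions of tcpdump will, by default, only capture the first 68 or 96 bytes of each packet". In the programlisting, the surrounding text gives no reason for the new "-s 65535" value. The commit message has the reasoning (1500 is smaller than the 1514-byte maximum Ethernet packet without the FCS, 1518 with it), and a sentence of that in the paragraph would keep a later editor from lowering the value back to an MTU-sized number and reintroducing truncated captures.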