Clarify tcpdump's default snapshot length a bit - and recommend 65535 as
the argument to "-s" (1500 is too small even for Ethernet, as the maximum size of packets on Ethernet is 1514 bytes if you don't count the FCS and 1518 bytes if you do). svn path=/trunk/; revision=31615
This commit is contained in:
parent
093885ecf9
commit
1a51e03409
|
@ -37,14 +37,14 @@
|
|||
</para>
|
||||
<para>
|
||||
However, the default <command>tcpdump</command> parameters result in a
|
||||
capture file where each packet is truncated, because
|
||||
<command>tcpdump</command>, by default, only captures the first 68
|
||||
bytes of each packet.
|
||||
capture file where each packet is truncated, because most versions of
|
||||
<command>tcpdump</command>, will, by default, only capture the first
|
||||
68 or 96 bytes of each packet.
|
||||
</para>
|
||||
<para>
|
||||
To ensure that you capture complete packets, use the following command:
|
||||
<programlisting>
|
||||
tcpdump -i <interface> -s 1500 -w <some-file>
|
||||
tcpdump -i <interface> -s 65535 -w <some-file>
|
||||
</programlisting>
|
||||
You will have to specify the correct <command>interface</command> and
|
||||
the name of a <command>file</command> to save into. In addition,
|
||||
|
|
Loading…
Reference in New Issue