Clarify tcpdump's default snapshot length a bit - and recommend 65535 as

the argument to "-s" (1500 is too small even for Ethernet, as the maximum size of packets on Ethernet is 1514 bytes if you don't count the FCS and 1518 bytes if you do). svn path=/trunk/; revision=31615
2010-01-22 04:43:07 +00:00 · 2010-01-22 04:43:07 +00:00 · 1a51e03409
parent 093885ecf9
commit 1a51e03409
1 changed files with 4 additions and 4 deletions
--- a/docbook/wsug_src/WSUG_app_tools.xml
+++ b/docbook/wsug_src/WSUG_app_tools.xml
@ -37,14 +37,14 @@
    </para>
    <para>
      However, the default <command>tcpdump</command> parameters result in a
-      capture file where each packet is truncated, because
-      <command>tcpdump</command>, by default, only captures the first 68
-	  bytes of each packet.
+      capture file where each packet is truncated, because most versions of
+      <command>tcpdump</command>, will, by default, only capture the first
+      68 or 96 bytes of each packet.
    </para>
    <para>
      To ensure that you capture complete packets, use the following command:
      <programlisting>
-tcpdump -i &lt;interface> -s 1500 -w &lt;some-file>
+tcpdump -i &lt;interface> -s 65535 -w &lt;some-file>
      </programlisting>
      You will have to specify the correct <command>interface</command> and
      the name of a <command>file</command> to save into. In addition,