From 1a51e034090e7dcfa128c57d3313ae7f72e99c66 Mon Sep 17 00:00:00 2001
From: Guy Harris <guy@alum.mit.edu>
Date: Fri, 22 Jan 2010 04:43:07 +0000
Subject: [PATCH] Clarify tcpdump's default snapshot length a bit - and
 recommend 65535 as the argument to "-s" (1500 is too small even for Ethernet,
 as the maximum size of packets on Ethernet is 1514 bytes if you don't count
 the FCS and 1518 bytes if you do).

svn path=/trunk/; revision=31615
---
 docbook/wsug_src/WSUG_app_tools.xml | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/docbook/wsug_src/WSUG_app_tools.xml b/docbook/wsug_src/WSUG_app_tools.xml
index 0e6074bd1f..f8229817ff 100644
--- a/docbook/wsug_src/WSUG_app_tools.xml
+++ b/docbook/wsug_src/WSUG_app_tools.xml
@@ -37,14 +37,14 @@
     </para>
     <para>
       However, the default <command>tcpdump</command> parameters result in a
-      capture file where each packet is truncated, because
-      <command>tcpdump</command>, by default, only captures the first 68
-	  bytes of each packet.
+      capture file where each packet is truncated, because most versions of
+      <command>tcpdump</command>, will, by default, only capture the first
+      68 or 96 bytes of each packet.
     </para>
     <para>
       To ensure that you capture complete packets, use the following command:
       <programlisting>
-tcpdump -i &lt;interface> -s 1500 -w &lt;some-file>
+tcpdump -i &lt;interface> -s 65535 -w &lt;some-file>
       </programlisting>
       You will have to specify the correct <command>interface</command> and
       the name of a <command>file</command> to save into. In addition,