tcpdump mailing list archives
Re: How to set snaplen for tcpdump
From: Fabian Schneider <schneifa () net in tum de>
Date: Thu, 16 Mar 2006 11:43:49 +0100 (CET)
Hi,
Default snaplen value for tcpdump is 96 bytes. I need to change the snaplen value. How to set it. What's the command for that. If any one has any idea, please pass it on.
Did you allready look into the manpage? SYNOPSIS tcpdump [ -AdDeflLnNOpqRStuUvxX ] [ -c count ] [ -C file_size ] [ -F file ] [ -i interface ] [ -m module ] [ -r file ] [ -s snaplen ] [ -T type ] [ -w file ] [ -E spi@ipaddr algo:secret,... ] [ -y datalinktype ] [ expression ] -s Snarf snaplen bytes of data from each packet rather than the default of 68 (with SunOS's NIT, the minimum is actually 96). 68 bytes is ade‐ quate for IP, ICMP, TCP and UDP but may truncate protocol information from name server and NFS packets (see below). Packets truncated because of a limited snapshot are indicated in the out‐ put with ‘‘[|proto]'', where proto is the name of the protocol level at which the truncation has occurred. Note that taking larger snapshots both increases the amount of time it takes to process packets and, effectively, decreases the amount of packet buffering. This may cause packets to be lost. You should limit snaplen to the smallest number that will capture the proto‐ col information you're interested in. Setting snaplen to 0 means use the required length to catch whole packets. So -s is the command-line option you want to use! regards Fabian Schneider -- Fabian Schneider, Technische Universität München address: Boltzmannstr. 3, 85748 Garching b. Münchenn e-mail: fabian () net in tum de, WWW: http://www.net.in.tum.de/~schneifa phone: +49 89 289-18012, mobile: 0179/2427671- This is the tcpdump-workers list. Visit https://lists.sandelman.ca/ to unsubscribe.
Current thread:
- How to set snaplen for tcpdump santosh.soule (Mar 16)
- Re: How to set snaplen for tcpdump Fabian Schneider (Mar 16)
- Re: How to set snaplen for tcpdump Hannes Gredler (Mar 16)
- <Possible follow-ups>
- Re: How to set snaplen for tcpdump santosh.soule (Mar 16)