tcpdump mailing list archives

Re: How to set snaplen for tcpdump


From: Fabian Schneider <schneifa () net in tum de>
Date: Thu, 16 Mar 2006 11:43:49 +0100 (CET)


Hi,

Default snaplen value for tcpdump is 96 bytes. I need to change the
snaplen value. How to set it? What's the command for that?
If anyone has any idea, please pass it on.

Did you already look into the manpage?

SYNOPSIS
       tcpdump [ -AdDeflLnNOpqRStuUvxX ] [ -c count ]
               [ -C file_size ] [ -F file ]
               [ -i interface ] [ -m module ] [ -r file ]
               [ -s snaplen ] [ -T type ] [ -w file ]
               [ -E spi@ipaddr algo:secret,...  ]
               [ -y datalinktype ]
               [ expression ]

       -s     Snarf snaplen bytes of  data  from  each  packet
              rather than the default of 68 (with SunOS's NIT,
              the minimum is actually 96).  68 bytes  is  ade‐
              quate for IP, ICMP, TCP and UDP but may truncate
              protocol information from name  server  and  NFS
              packets  (see below).  Packets truncated because
              of a limited snapshot are indicated in the  out‐
              put  with  ‘‘[|proto]'', where proto is the name
              of the protocol level at  which  the  truncation
              has occurred.  Note that taking larger snapshots
              both increases the amount of time  it  takes  to
              process  packets and, effectively, decreases the
              amount of  packet  buffering.   This  may  cause
              packets to be lost.  You should limit snaplen to
              the smallest number that will capture the proto‐
              col  information  you're interested in.  Setting
              snaplen to 0 means use the  required  length  to
              catch whole packets.

So -s is the command-line option you want to use!

   regards      
   Fabian Schneider

-- 
Fabian Schneider,  Technische Universität München
address: Boltzmannstr. 3, 85748 Garching b. München
e-mail: fabian () net in tum de, WWW: http://www.net.in.tum.de/~schneifa 
phone: +49 89 289-18012, mobile: 0179/2427671-
This is the tcpdump-workers list.
Visit https://lists.sandelman.ca/ to unsubscribe.
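
An added example, not part of the original message or of tcpdump itself: a small checker that reads a classic pcap file (as written by `tcpdump -w`) and reports how many packets were cut short by the snaplen, by comparing each record's captured length with its original length. The function names and the sample capture are constructed for illustration; only the microsecond-resolution classic pcap format is handled.

```python
import struct

def build_sample_pcap(snaplen, packet_sizes):
    """Build a little-endian classic pcap in memory (constructed sample data)."""
    # Global header: magic, version 2.4, thiszone, sigfigs, snaplen, linktype 1
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, snaplen, 1)
    for i, size in enumerate(packet_sizes):
        caplen = min(size, snaplen)          # what -s snaplen would keep
        out += struct.pack("<IIII", 1142505829 + i, 0, caplen, size)
        out += bytes(caplen)                 # zero-filled placeholder payload
    return out

def truncation_report(data):
    """Return snaplen and truncation counts for a classic pcap byte string."""
    magic = data[:4]
    if magic == b"\xd4\xc3\xb2\xa1":
        endian = "<"
    elif magic == b"\xa1\xb2\xc3\xd4":
        endian = ">"
    else:
        raise ValueError("not a classic (microsecond) pcap file")
    snaplen = struct.unpack_from(endian + "I", data, 16)[0]
    offset, total, truncated, missing = 24, 0, 0, 0
    while offset + 16 <= len(data):
        _sec, _usec, caplen, origlen = struct.unpack_from(endian + "IIII", data, offset)
        if offset + 16 + caplen > len(data):
            raise ValueError("packet record runs past end of file")
        offset += 16 + caplen
        total += 1
        if caplen < origlen:                 # packet was cut at the snaplen
            truncated += 1
            missing += origlen - caplen
    return {"snaplen": snaplen, "packets": total,
            "truncated": truncated, "missing_bytes": missing}

if __name__ == "__main__":
    sizes = [60, 342, 1514]                  # constructed on-the-wire lengths
    print(truncation_report(build_sample_pcap(68, sizes)))
    print(truncation_report(build_sample_pcap(65535, sizes)))
```

To check a real capture, pass the bytes of the file, for example `truncation_report(open("capture.pcap", "rb").read())`, where `capture.pcap` is a placeholder name.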

