tcpdump mailing list archives

Re: Should the default snapshot length in tcpdump


From: Eloy Paris <peloy () chapus net>
Date: Sat, 21 Feb 2009 10:40:23 -0500

On Fri, Feb 20, 2009 at 09:46:25PM -0800, Aaron Turner wrote:

On Fri, Feb 20, 2009 at 7:08 PM, Guy Harris <guy () alum mit edu> wrote:

The "tcp" in "tcpdump" is a bit old - people use it for doing more
than just looking at TCP headers these days - and it sounds as if
the problem Torsten Krah had trying to decrypt ipsec traffic was due
to the packets being cut short by a snapshot length.

Would it make sense to have tcpdump default to the maximum snapshot
length, rather than 68 (without IPv6 support) or 96 (with IPv6
support)?

Yes. People don't read man pages/documentation. IMHO, dropped packets
are less of a problem than missing packet data in most real world
situations.

I'm very used to running tcpdump with "-s 0" to get the maximum snapshot
length, but it'd be nice if going forward I can save typing 4 characters
;-)

Cheers,

Eloy Paris.-
-
This is the tcpdump-workers list.
Visit https://cod.sandelman.ca/ to unsubscribe.
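
A way to check whether an existing capture file was cut short by the snapshot length discussed in this thread, as an added example that is not part of the original message or of tcpdump's own code. It reads the classic pcap file header and per-packet record headers and lists the records whose captured length is below the on-the-wire length; the function names and the sample capture are constructed for illustration.

```python
import struct

def truncated_packets(pcap_bytes):
    """Return (snaplen, [(index, caplen, wire_len), ...]) for records cut short."""
    magic = pcap_bytes[:4]
    if magic == b"\xd4\xc3\xb2\xa1":      # 0xa1b2c3d4 written little-endian
        endian = "<"
    elif magic == b"\xa1\xb2\xc3\xd4":    # 0xa1b2c3d4 written big-endian
        endian = ">"
    else:
        raise ValueError("not a classic (microsecond) pcap file")
    # File header: magic, version major/minor, thiszone, sigfigs, snaplen, linktype
    fields = struct.unpack(endian + "IHHiIII", pcap_bytes[:24])
    snaplen = fields[5]
    offset, index, cut = 24, 0, []
    while offset + 16 <= len(pcap_bytes):
        # Record header: ts_sec, ts_usec, captured length, original length
        _sec, _usec, caplen, wire_len = struct.unpack(
            endian + "IIII", pcap_bytes[offset:offset + 16])
        if offset + 16 + caplen > len(pcap_bytes):
            raise ValueError("record %d runs past end of file" % index)
        if caplen < wire_len:
            cut.append((index, caplen, wire_len))
        offset += 16 + caplen
        index += 1
    return snaplen, cut

def build_sample(snaplen=68):
    """Constructed capture: three zero-filled frames saved with the given snaplen."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, snaplen, 1)
    for wire_len in (60, 1514, 142):      # constructed frame sizes
        data = bytes(min(wire_len, snaplen))
        out += struct.pack("<IIII", 0, 0, len(data), wire_len) + data
    return out

if __name__ == "__main__":
    snaplen, cut = truncated_packets(build_sample())
    print("snaplen:", snaplen)
    for index, caplen, wire_len in cut:
        print("packet %d: kept %d of %d bytes" % (index, caplen, wire_len))
```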