Wireshark mailing list archives

capture short packets in tcpdump/tshark?

From: Mathias Koerber <mathias () koerber org>
Date: Tue, 27 Jan 2015 13:25:58 +0800

On one system, we see a few

UDP: short packet: From a.b.c.d:xx 50/44 to
e.f.g.h:yy

which then apparently the kernel drops.

If I capture all traffic on that NIC (using tcpdump or
tshark) will these show up in the capture, or will the kernel
drop them before the libpcap lib even sees them?

If they are captured, how to I filter for these in wireshark/tshark?

This is RedHat Linux 6

thanks
___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
             mailto:wireshark-users-request () wireshark org?subject=unsubscribe

Current thread:

capture short packets in tcpdump/tshark? Mathias Koerber (Jan 26)
- Re: capture short packets in tcpdump/tshark? Guy Harris (Jan 27)