shirish wrote:
Reply in-line :-
On Tue, Jan 27, 2009 at 13:56, shirish shirishag75@gmail.com wrote:
<snip>
$ sudo tcpdump -s0 -i eth1 -w output.cap host 59.95.28.28
tcpdump: listening on eth1, link-type EN10MB (Ethernet), capture size 65535 bytes
^C34 packets captured
36 packets received by filter
0 packets dropped by kernel
I dunno what this capture size of 65535 bytes is and what it is being influenced by?
That is the number of bytes the tcpdump defaults to capturing with the -s0 option. From the tcpdump manpage ...
    -s  Snarf snaplen bytes of data from each packet .... Setting snaplen to 0 means use the required length to catch whole packets.
eg:
[root@laptop ~]# tcpdump -s1500 -w output.cap host 59.95.28.28
tcpdump: WARNING: eth0: no IPv4 address assigned
tcpdump: listening on eth0, link-type EN10MB (Ethernet), capture size 1500 bytes
^C0 packets captured
...
...
HTH - steve