shirish wrote:
> Reply in-line :-
> 
> On Tue, Jan 27, 2009 at 13:56, shirish <[email protected]> wrote:
> 
> <snip>
> 
>> $ sudo tcpdump -s0 -i eth1 -w output.cap host 59.95.28.28
>> tcpdump: listening on eth1, link-type EN10MB (Ethernet), capture size
>> 65535 bytes
>> ^C34 packets captured
>> 36 packets received by filter
>> 0 packets dropped by kernel
> 
> I dunno what is this capture size is 65535 bytes and what it is being
> influenced by?

That is the number of bytes the tcpdump defaults to capturing with the -s0 
option. From the tcpdump manpage ...

  -s     Snarf  snaplen  bytes  of  data from each packet ....Setting snaplen 
to 
0 means use the required length to catch whole packets.

eg:
[r...@laptop ~]# tcpdump -s1500 -w output.cap host 59.95.28.28
tcpdump: WARNING: eth0: no IPv4 address assigned
tcpdump: listening on eth0, link-type EN10MB (Ethernet), capture size 1500 bytes
^C0 packets captured
...
...

HTH
- steve

> 


-- 
Linux Centric Marketplace: http://www.tuxcompatible.com
-- 
http://mm.glug-bom.org/mailman/listinfo/linuxers

Reply via email to