shirish wrote: > Reply in-line :- > > On Tue, Jan 27, 2009 at 13:56, shirish <[email protected]> wrote: > > <snip> > >> $ sudo tcpdump -s0 -i eth1 -w output.cap host 59.95.28.28 >> tcpdump: listening on eth1, link-type EN10MB (Ethernet), capture size >> 65535 bytes >> ^C34 packets captured >> 36 packets received by filter >> 0 packets dropped by kernel > > I dunno what is this capture size is 65535 bytes and what it is being > influenced by?
That is the number of bytes the tcpdump defaults to capturing with the -s0 option. From the tcpdump manpage ... -s Snarf snaplen bytes of data from each packet ....Setting snaplen to 0 means use the required length to catch whole packets. eg: [r...@laptop ~]# tcpdump -s1500 -w output.cap host 59.95.28.28 tcpdump: WARNING: eth0: no IPv4 address assigned tcpdump: listening on eth0, link-type EN10MB (Ethernet), capture size 1500 bytes ^C0 packets captured ... ... HTH - steve > -- Linux Centric Marketplace: http://www.tuxcompatible.com -- http://mm.glug-bom.org/mailman/listinfo/linuxers

