Hi Experts,
Can we specify the packet length during capturing the traffic? This
feature allows us to just save the protocol information without user data.
It can avoid the save sensitive user data and save the disk spaces to
store more packets.
Here's extracted from the tcpdump manpage:
-s Snarf snaplen bytes of data from each packet rather than the
default of 65535 bytes. Packets truncated because of a
limited snapshot are indicated in the output with
``[|proto]'', where proto is the name of the protocol level at which
the truncation has occurred. Note that taking larger
snapshots both increases the amount of time it takes to process
packets and, effectively, decreases the amount of packet
buffering. This may cause packets to be lost. You should
limit snaplen to the smallest number that will capture the
protocol information you're interested in. Setting snaplen
to 0 sets it to the default of 65535, for backwards
compatibility with recent older versions of tcpdump.
Thanks in advance.
Regards,
Ivan Cheng
--
You received this message because you are subscribed to the Google Groups
"netsniff-ng" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to netsniff-ng+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
