On Fri, Feb 20, 2009 at 09:46:25PM -0800, Aaron Turner wrote:
> On Fri, Feb 20, 2009 at 7:08 PM, Guy Harris <[email protected]> wrote:
>
> > The "tcp" in "tcpdump" is a bit old - people use it for doing more
> > than just looking at TCP headers these days - and it sounds as if
> > the problem Torsten Krah had trying to decrypt ipsec traffic was due
> > to the packets being cut short by a snapshot length.
> >
> > Would it make sense to have tcpdump default to the maximum snapshot
> > length, rather than 68 (without IPv6 support) or 96 (with IPv6
> > support)?
>
> Yes. People don't read man pages/documentation. IMHO, dropped packets
> is less of a problem than missing packet data in most real world
> situations.

I'm very used to running tcpdump with "-s 0" to get the maximum snapshot
length, but it'd be nice if going forward I can save typing 4 characters
;-)

Cheers,

Eloy Paris.-
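
Added example (not part of the original messages and not tcpdump project code): a check for the failure mode discussed in this thread, which reads a classic pcap file and lists the records whose captured length is shorter than their on-the-wire length because of the snapshot length. The function names and the zero-filled sample capture are constructed for illustration; pcapng files are not handled.

```python
import struct

MAGICS = {0xA1B2C3D4, 0xA1B23C4D}  # classic pcap: microsecond / nanosecond timestamps

def truncation_report(data: bytes) -> dict:
    """Parse a classic pcap file and report records cut short by the snaplen."""
    if len(data) < 24:
        raise ValueError("shorter than the 24-byte pcap global header")
    for endian in ("<", ">"):  # the writer's byte order is revealed by the magic
        if struct.unpack(endian + "I", data[:4])[0] in MAGICS:
            break
    else:
        raise ValueError("not a classic pcap file (pcapng is not handled)")
    snaplen = struct.unpack(endian + "I", data[16:20])[0]
    total, truncated, missing, off = 0, [], 0, 24
    while off + 16 <= len(data):
        # Per-record header: ts_sec, ts_frac, captured length, original length.
        _sec, _frac, caplen, wirelen = struct.unpack(endian + "IIII", data[off:off + 16])
        off += 16
        if off + caplen > len(data):
            raise ValueError(f"record {total} runs past end of file")
        if caplen < wirelen:  # bytes seen on the wire that were never saved
            truncated.append(total)
            missing += wirelen - caplen
        total += 1
        off += caplen
    return {"snaplen": snaplen, "packets": total,
            "truncated": truncated, "missing_bytes": missing}

def build_sample(snaplen: int, wire_lengths) -> bytes:
    """Constructed capture: zero-filled packets clipped to the given snaplen."""
    # Global header: magic, version 2.4, thiszone, sigfigs, snaplen, linktype 1.
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, snaplen, 1)
    for i, wirelen in enumerate(wire_lengths):
        caplen = min(wirelen, snaplen)
        out += struct.pack("<IIII", i, 0, caplen, wirelen) + bytes(caplen)
    return out

if __name__ == "__main__":
    # Constructed sample: one small frame and two larger ones, snaplen 68.
    print(truncation_report(build_sample(68, [60, 154, 1514])))
    # Same frames with a snaplen large enough to keep every byte.
    print(truncation_report(build_sample(65535, [60, 154, 1514])))
```

Running a check like this on a capture before attempting decryption or payload analysis shows whether the needed bytes were ever written to the file.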
