On Wed, May 29, 2002 at 10:38:24AM +0200, [EMAIL PROTECTED] wrote: > ok? I would want to know why the domain is truncated????
By default, tcpdump captures only the first 68 bytes of a packet; I have a capture here with a simple DNS query, and the total length of the packet is 71 bytes. To capture more data, use the "-s" flag, and specify the maximum number of bytes to capture; "-s 65535" should capture the entire packet, and, on current versions of tcpdump, "-s 0" should also do so (0 being a special value meaning "the entire packet"). > and if possible which port is 42516??? "Which port" in what sense? It's not any well-known or reserved port, as far as I know; that's why it's printed as a number. It's just the port that was chosen by the OS on which the DNS client (resolver) was running, so that the traffic to the DNS server (the first packet) was sent from that port and the reply to the DNS server (the second packet) was sent to that port. - This is the TCPDUMP workers list. It is archived at http://www.tcpdump.org/lists/workers/index.html To unsubscribe use mailto:[EMAIL PROTECTED]?body=unsubscribe
