2008/11/23 ropers <[EMAIL PROTECTED]>:
>>> On Wed, Nov 19, 2008 at 08:18:00PM -0800, Jeff Simmons wrote:
>
>>> Just increase the snaplen.
>>>
>>> tcpdump -s 65000 -w dump port 80
>
> With some tcpdump(8) versions on non-OpenBSD Unix-like OSes (e.g.
> tcpdump version 3.9.8/Ubuntu 8.10), the man page says:
>
>  -s     Snarf snaplen bytes of data from each packet (...) Set‐
>              ting snaplen to 0 means use the required length to catch
> whole packets.
>
> The man page for OpenBSD's tcpdump doesn't mention anything about
> setting the snaplen to 0, and trying to invoke OpenBSD's tcpdump with
> -s 0 results in an error of:
>
>> tcpdump: invalid snaplen 0
>
> (tested with OpenBSD 4.3 GENERIC)
>
> This is probably a naive question, but how would one best replicate
> the -s 0 functionality with OpenBSD's tcpdump? Is there a reason why
> Jeff specifically suggested -s 65000?
>
> Many thanks and regards,
> --ropers
>
>

Since the size of a IPv4 packet is coded on 16 bits it can't be more
than 65536 octets.
So -s 65536 and -s 0 should behave the same for IPv4 packets.
Note that IPv6 has a jumbogram feature enabling the use of bigger
packets but I never saw it in action.

And since tcpdump doesn't reassemble framented IP packets, your
network interface MTU should be enough anyway.

-- 
Pierre Riteau

Reply via email to