Hi, I have a question about tcpdump's snaplen option.

I try two different tcpdump invocations to capture traffic:

1) tcpdump -s 0
2) tcpdump -s 1536

My network's MTU size is 1500 (no jumbo frames), so each frame's size is not larger than 1536 bytes. According to the tcpdump's man page: "Setting snaplen to 0 means use the required length to catch whole packets.". So, I make conclusion that both invocations above should perform identical

However, I get a lot of dropped packages in 1st case and no dropped packages in 2nd case.

Any Ideas?

Thank you,