Results 1 to 1 of 1
Hi, I have a question about tcpdump's snaplen option.
I try two different tcpdump invocations to capture traffic:
1) tcpdump -s 0
2) tcpdump -s 1536
My network's MTU size ...
- 08-08-2010 #1Just Joined!
- Join Date
- Aug 2010
- Posts
- 1
tcpdump's snaplen option
Hi, I have a question about tcpdump's snaplen option.
I try two different tcpdump invocations to capture traffic:
1) tcpdump -s 0
2) tcpdump -s 1536
My network's MTU size is 1500 (no jumbo frames), so each frame's size is not larger than 1536 bytes. According to the tcpdump's man page: "Setting snaplen to 0 means use the required length to catch whole packets.". So, I make conclusion that both invocations above should perform identical
actions.
However, I get a lot of dropped packages in 1st case and no dropped packages in 2nd case.
Any Ideas?
Thank you,
Vasily
Reply With Quote 
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts