Results 1 to 1 of 1
Hi, I have a question about tcpdump's snaplen option. I try two different tcpdump invocations to capture traffic: 1) tcpdump -s 0 2) tcpdump -s 1536 My network's MTU size ...
Enjoy an ad free experience by logging in. Not a member yet? Register.
- 08-08-2010 #1
- Join Date
- Aug 2010
tcpdump's snaplen option
I try two different tcpdump invocations to capture traffic:
1) tcpdump -s 0
2) tcpdump -s 1536
My network's MTU size is 1500 (no jumbo frames), so each frame's size is not larger than 1536 bytes. According to the tcpdump's man page: "Setting snaplen to 0 means use the required length to catch whole packets.". So, I make conclusion that both invocations above should perform identical
However, I get a lot of dropped packages in 1st case and no dropped packages in 2nd case.