On Tue, Sep 05, 2006 at 11:17:13AM +0200, J??rg Streckfu?? wrote:
> Hi list,
>
> I'm trying to find out if it is possible to see the tcp flags in a tcpdump
> output of the device pflog0 (blocked packets).
>
> When i take a physikal interface like em0 the following command shows me
> the tcp flags
>
> tcpdump -nevvvi em0 tcp
>
> But the same with pflog0 only shows me this further informations
>
> <snip>
>
> |tcp] (DF) (ttl 114, id 57665, len 48)
>
> </snip>
>
> Thanks in advance.
I believe this means the packet is truncated. I could be wrong, but if
this is correct, add -s with an appropriate size [1].
Joachim
[1] See tcpdump(8) and pflog(4) for details, or just pick a sufficiently
large number - 200 is most likely wasteful already.
