>> On Wed, Nov 19, 2008 at 08:18:00PM -0800, Jeff Simmons wrote: >> Just increase the snaplen. >> >> tcpdump -s 65000 -w dump port 80
With some tcpdump(8) versions on non-OpenBSD Unix-like OSes (e.g. tcpdump version 3.9.8/Ubuntu 8.10), the man page says: -s Snarf snaplen bytes of data from each packet (...) Set‐ ting snaplen to 0 means use the required length to catch whole packets. The man page for OpenBSD's tcpdump doesn't mention anything about setting the snaplen to 0, and trying to invoke OpenBSD's tcpdump with -s 0 results in an error of: > tcpdump: invalid snaplen 0 (tested with OpenBSD 4.3 GENERIC) This is probably a naive question, but how would one best replicate the -s 0 functionality with OpenBSD's tcpdump? Is there a reason why Jeff specifically suggested -s 65000? Many thanks and regards, --ropers