>> On Wed, Nov 19, 2008 at 08:18:00PM -0800, Jeff Simmons wrote:
>> Just increase the snaplen.
>>
>> tcpdump -s 65000 -w dump port 80
With some tcpdump(8) versions on non-OpenBSD Unix-like OSes (e.g.
tcpdump version 3.9.8/Ubuntu 8.10), the man page says:
-s Snarf snaplen bytes of data from each packet (...) Set‐
ting snaplen to 0 means use the required length to catch
whole packets.
The man page for OpenBSD's tcpdump doesn't mention anything about
setting the snaplen to 0, and trying to invoke OpenBSD's tcpdump with
-s 0 results in an error of:
> tcpdump: invalid snaplen 0
(tested with OpenBSD 4.3 GENERIC)
This is probably a naive question, but how would one best replicate
the -s 0 functionality with OpenBSD's tcpdump? Is there a reason why
Jeff specifically suggested -s 65000?
Many thanks and regards,
--ropers
