tcpdump: WARNING: snaplen raised from 96 to 116

2008-11-14 Thread soko.tica
Hello, list
When I tried to see pf log of my recently installed OpenBSD 4.4 desktop box, I've got the message that snaplen has been raised from 96 to 116, even when I did give it a try with -s 96.
$ sudo tcpdump -n -e -ttt -r /var/log/pflog -s 96
Password:
tcpdump: WARNING: snaplen raised from

Re: tcpdump: WARNING: snaplen raised from 96 to 116

2008-11-14 Thread Can Erkin Acar
interface headers plus IP and TCP/UDP headers.
$ sudo tcpdump -n -e -ttt -r /var/log/pflog -s 96
Password:
tcpdump: WARNING: snaplen raised from 96 to 116
Any thoughts how to reduce it to examine the logs? Aside, could that be a symptom of a break-in?
You can not, and even if you did, you would

Re: tcpdump: WARNING: snaplen raised from 96 to 116

2008-11-14 Thread soko . tica
headers are bigger than ethernet headers, 116 is the minimum you can use that can reliably capture all pflog interface headers plus IP and TCP/UDP headers.
$ sudo tcpdump -n -e -ttt -r /var/log/pflog -s 96
Password:
tcpdump: WARNING: snaplen raised from 96 to 116
Any thoughts how to reduce