On Fri, Feb 20, 2009 at 7:08 PM, Guy Harris <[email protected]> wrote: > The "tcp" in "tcpdump" is a bit old - people use it for doing more than just > looking at TCP headers these days - and it sounds as if the problem Torsten > Krah had tring to decrypt ipsec traffic was due to the packets being cut > short by a snapshot length. > > Would it make sense to have tcpdump default to the maximum snapshot length, > rather than 68 (without IPv6 support) or 96 (with IPv6 support)?
Yes. People don't read man pages/documentation. IMHO, dropped packets is less of a problem then missing packet data in most real world situations. -- Aaron Turner http://synfin.net/ http://tcpreplay.synfin.net/ - Pcap editing and replay tools for Unix & Windows Those who would give up essential Liberty, to purchase a little temporary Safety, deserve neither Liberty nor Safety. -- Benjamin Franklin - This is the tcpdump-workers list. Visit https://cod.sandelman.ca/ to unsubscribe.
