Dear Sir,

I have recently set up an open source sensor to place in front of my firewall. I am currently running snort and tcpdump. The man page recommends against running tcpdump with -s 1500 due to packet loss. I am lost here; please advise why this logical approach is not recommended, as it seems right to have the entire packet for analysis when the sensor sends an alert?

Regards,
Jennifer

-
This is the TCPDUMP workers list. It is archived at http://www.tcpdump.org/lists/workers/index.html
