tcpdump mailing list archives
Re: large packets parsing using TcpDump
From: Guy Harris <guy () alum mit edu>
Date: Tue, 30 Nov 2010 10:26:45 -0800
On Nov 29, 2010, at 10:24 PM, Mali Shternhell wrote:
> I'm using TcpDump in order to capture snmp request-response messages. When the response packet is larger than 1468 TcpDump fail to capture the packet
What do you mean by "fail to capture the packet"? If you mean that the packet isn't captured at all, it obviously won't show up in the output of tcpdump (and would thus be hard to try to make show up in red :-)), so presumably that's not what you meant.

If this is over Ethernet (as I suspect it is, given that 1468 is close to 1500), a single network-layer packet can be up to 14 bytes of payload, 1500 bytes of data, and 4 bytes of FCS. If that 1500-byte payload has a 20-byte minimum size IPv4 header plus an 8-byte UDP header, that leaves 1472 bytes; any SNMP request or response longer than 1472 bytes will not fit in a single IPv4-over-Ethernet packet. If there's 4 bytes of IP options, that would be a 32-byte IPv4 header, leaving 1468 bytes.
> (capture below, failed lines are in red)
Nothing appears to be red in your message. Note that not everybody who might be reading your mail 1) is running a mail program that can display colors; 2) is running a mail program that could conveniently handle various rich text formats (RTF, HTML, etc.); 3) is not suffering from some form of color-blindness (I'm not, but...) or even complete blindness (I don't know whether any screen readers tell the user what *color* the text they're reading is); so color probably isn't the best way to indicate something in a mail message.
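Added example (not part of the original message): a Python sketch of the size arithmetic in the reply above, extended to show how IPv4 splits a larger UDP datagram and why only the first fragment carries the UDP ports. The function names, addresses and header bytes are constructed for illustration, and every fragment is assumed to use the same IP header length.

```python
import struct

ETHERNET_MTU = 1500  # bytes of Ethernet payload, as in the message above
UDP_HEADER = 8

def max_udp_payload(ip_header_len=20, mtu=ETHERNET_MTU):
    """Largest UDP payload that fits in one unfragmented IPv4 packet."""
    return mtu - ip_header_len - UDP_HEADER

def plan_fragments(udp_payload_len, ip_header_len=20, mtu=ETHERNET_MTU):
    """Return (offset_bytes, data_len, more_fragments) per IPv4 fragment."""
    total = UDP_HEADER + udp_payload_len        # what IP has to carry
    per_frag = (mtu - ip_header_len) // 8 * 8   # offsets count 8-byte units
    frags, off = [], 0
    while off < total:
        n = min(per_frag, total - off)
        frags.append((off, n, off + n < total))
        off += n
    return frags

def build_ipv4_header(data_len, offset_bytes, more_fragments, ident=0x1234):
    """Constructed 20-byte IPv4/UDP header for the demo (checksum left 0)."""
    flags_frag = (0x2000 if more_fragments else 0) | (offset_bytes // 8)
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + data_len, ident,
                       flags_frag, 64, 17, 0,
                       bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2]))

def classify(header):
    """Classify a packet from the flags/fragment-offset field at bytes 6-7."""
    flags_frag = struct.unpack("!H", header[6:8])[0]
    more = bool(flags_frag & 0x2000)
    offset = (flags_frag & 0x1FFF) * 8
    if offset == 0 and not more:
        return "whole"           # unfragmented, UDP header present
    if offset == 0:
        return "first-fragment"  # UDP header and ports present
    return "later-fragment"      # no UDP header: a port filter cannot match

def describe(udp_payload_len):
    """Classify each on-the-wire packet for one UDP payload size."""
    return [classify(build_ipv4_header(n, off, more))
            for off, n, more in plan_fragments(udp_payload_len)]

if __name__ == "__main__":
    for size in (1472, 1473, 3000):
        print(size, plan_fragments(size), describe(size))
```

When capturing, a filter such as `udp port 161 or (ip[6:2] & 0x1fff != 0)` keeps the later fragments as well as the first.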