Snort mailing list archives
Re: capturing arp (Absent jusqu'au 29/07/2002)
From: Chris Green <cmg () sourcefire com>
Date: Wed, 16 Apr 2003 16:57:31 -0400
Be careful on who you quote as saying what. :)
tcpdump -s 65335 -w arp.cap arp Why would you want to capture more than 60 bytes?
I type -s, I go big and I don't wanna think what the max frame size is for whatever Data Link Layer. I generally care most about larger packets and the most often thing you have to tell people to do when using tcpdump to provide packet captures is adjust the data link layer. -- Chris Green <cmg () sourcefire com> Don't use a big word where a diminutive one will suffice. ------------------------------------------------------- This sf.net email is sponsored by:ThinkGeek Welcome to geek heaven. http://thinkgeek.com/sf _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Re: capturing arp (Absent jusqu'au 29/07/2002) Pascal Painparay (Apr 14)
- Re: capturing arp (Absent jusqu'au 29/07/2002) Edin Dizdarevic (Apr 15)
- Re: capturing arp (Absent jusqu'au 29/07/2002) Chris Green (Apr 16)
- Re: capturing arp (Absent jusqu'au 29/07/2002) Edin Dizdarevic (Apr 16)
- Re: capturing arp (Absent jusqu'au 29/07/2002) Chris Green (Apr 16)
- <Possible follow-ups>
- Re: capturing arp (Absent jusqu'au 29/07/2002) Pascal Painparay (Apr 16)
- Re: capturing arp (Absent jusqu'au 29/07/2002) Pascal Painparay (Apr 16)
- Re: capturing arp (Absent jusqu'au 29/07/2002) Edin Dizdarevic (Apr 15)