Re: tcpdump default snaplen

[Hannes Gredler <hannes () juniper net>]

On Tue, Jul 08, 2003 at 11:55:35AM -0400, Chun Zhang wrote:
| Hi,
| 
| I would like to find out what is the reasoning behind using 68 as the
| current TCPDUMP snaplen. The manual says that this is adequate to cover
| TCP/IP traffic - though given that TCP can have 40 bytes of options, this
| clearly falls short. Does anyone have suggestions on a better choice of
| snaplen?

don't forget to add the link-layer ... altough i admit 28 bytes for the
link-layer is generous ...

/hannes
-
This is the TCPDUMP workers list. It is archived at
http://www.tcpdump.org/lists/workers/index.html
To unsubscribe use mailto:tcpdump-workers-request () tcpdump org?body=unsubscribe