tcpdump mailing list archives

Re: Should the default snapshot length in tcpdump


From: Aaron Turner <synfinatic () gmail com>
Date: Fri, 20 Feb 2009 21:46:25 -0800

On Fri, Feb 20, 2009 at 7:08 PM, Guy Harris <guy () alum mit edu> wrote:
> The "tcp" in "tcpdump" is a bit old - people use it for doing more than just
> looking at TCP headers these days - and it sounds as if the problem Torsten
> Krah had trying to decrypt ipsec traffic was due to the packets being cut
> short by a snapshot length.
>
> Would it make sense to have tcpdump default to the maximum snapshot length,
> rather than 68 (without IPv6 support) or 96 (with IPv6 support)?


Yes.  People don't read man pages/documentation.  IMHO, dropped
packets is less of a problem than missing packet data in most real
world situations.

-- 
Aaron Turner
http://synfin.net/
http://tcpreplay.synfin.net/ - Pcap editing and replay tools for Unix & Windows
Those who would give up essential Liberty, to purchase a little
temporary Safety,
deserve neither Liberty nor Safety.
    -- Benjamin Franklin
-
This is the tcpdump-workers list.
Visit https://cod.sandelman.ca/ to unsubscribe.

