From owner-freebsd-questions Thu Oct 9 17:21:29 1997
Message-ID: <19971010095101.09370@lemis.com>
Date: Fri, 10 Oct 1997 09:51:01 +0930
From: Greg Lehey
To: Mark Tinguely
Cc: joe@via.net, questions@FreeBSD.ORG
Subject: Re: tcpdump
References: <199710092057.PAA12896@plains.NoDak.edu>
In-Reply-To: <199710092057.PAA12896@plains.NoDak.edu>; from Mark Tinguely on Thu, Oct 09, 1997 at 03:57:21PM -0500
Sender: owner-freebsd-questions@FreeBSD.ORG

On Thu, Oct 09, 1997 at 03:57:21PM -0500, Mark Tinguely wrote:
>> Does tcpdump dump the entire packet?
>
> the default action is to copy the first 83 bytes from kernel space to
> the tcpdump application. The option -s can change that default.
>>
>> Does the dumped data include the tcp headers or is it the
>> "payload"?
>
> the dumped data is the ethernet frame (which may be IP, or not).

In fact, unless you ask for link-level headers with the -e option,
you'll just get the IP datagram if it *is* IP.

Greg
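The snapshot-length and link-level-header points discussed in this thread, as an added example that is not part of the original messages or of tcpdump itself: a Python reader for the classic pcap file layout (as written by `tcpdump -w`) that reports, per record, how many bytes were captured versus on the wire and whether the Ethernet frame carries an IPv4 datagram. The function names, the 64-byte snapshot length and the two sample frames are constructed for illustration.

```python
import socket
import struct

PCAP_MAGIC, LINKTYPE_ETHERNET, ETHERTYPE_IPV4 = 0xA1B2C3D4, 1, 0x0800

def build_pcap(frames, snaplen):
    """Constructed capture: keep only the first `snaplen` bytes of each frame."""
    out = struct.pack("<IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, snaplen, LINKTYPE_ETHERNET)
    for ts, frame in enumerate(frames):
        kept = frame[:snaplen]
        out += struct.pack("<IIII", ts, 0, len(kept), len(frame)) + kept
    return out

def describe(pkt, wirelen):
    """Split one captured record into link-level header and, if IPv4, IP fields."""
    rec = {"caplen": len(pkt), "wirelen": wirelen, "truncated": len(pkt) < wirelen,
           "link": None, "ip": None}
    if len(pkt) < 14:                       # snapshot cut into the Ethernet header
        return rec
    ethertype = struct.unpack("!H", pkt[12:14])[0]
    rec["link"] = {"dst": pkt[0:6].hex(":"), "src": pkt[6:12].hex(":"),
                   "ethertype": ethertype}
    if ethertype == ETHERTYPE_IPV4 and len(pkt) >= 34:
        ihl = (pkt[14] & 0x0F) * 4          # IP header length in bytes
        rec["ip"] = {"src": socket.inet_ntoa(pkt[26:30]),
                     "dst": socket.inet_ntoa(pkt[30:34]),
                     "total_len": struct.unpack("!H", pkt[16:18])[0],
                     "captured_after_ip_header": max(0, len(pkt) - 14 - ihl)}
    return rec

def read_pcap(data):
    """Return (snaplen, [record dicts]) for a little-endian Ethernet pcap."""
    magic, _, _, _, _, snaplen, linktype = struct.unpack_from("<IHHiIII", data, 0)
    if magic != PCAP_MAGIC or linktype != LINKTYPE_ETHERNET:
        raise ValueError("expected little-endian pcap with Ethernet link type")
    off, records = 24, []
    while off + 16 <= len(data):
        _, _, caplen, wirelen = struct.unpack_from("<IIII", data, off)
        records.append(describe(data[off + 16:off + 16 + caplen], wirelen))
        off += 16 + caplen
    return snaplen, records

# Constructed sample: one IPv4/TCP frame (100 bytes after the IP header), one ARP frame.
ETH = bytes.fromhex("020000000002") + bytes.fromhex("020000000001")
IP_HDR = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 120, 0, 0, 64, 6, 0,
                     socket.inet_aton("192.0.2.1"), socket.inet_aton("192.0.2.2"))
SAMPLE = build_pcap([ETH + b"\x08\x00" + IP_HDR + b"A" * 100,
                     ETH + b"\x08\x06" + bytes(28)], snaplen=64)

if __name__ == "__main__":
    for record in read_pcap(SAMPLE)[1]:
        print(record)
```

A record with `truncated` set means anything past the snapshot length was never saved, so payload-based analysis of that capture is incomplete no matter which display options are used later.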