Date:      Wed, 27 Feb 2008 06:53:03 -0500
From:      Mike Tancsa <mike@sentex.net>
To:        freebsd-pf@freebsd.org
Subject:   default snaplen on tcpdump
Message-ID:  <200802271155.m1RBt6U0058941@lava.sentex.ca>

Is there any chance of changing the default snap length of tcpdump to
be a few bytes bigger?  With pf on RELENG_7, the default of 96
is too short now.  So doing just a

# tcpdump  -nei pflog0
tcpdump: WARNING: pflog0: no IPv4 address assigned
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on pflog0, link-type PFLOG (OpenBSD pflog file), capture size 96 bytes
06:50:57.651128 rule 7/0(match): pass in on bge0: 190.73.138.253.2020 > xx.7.141.12.25:  tcp 28 [bad hdr length 0 - too short, < 20]

Going to -s100 seems to be a safe value and avoids the "bad header" errors.

         ---Mike




--------------------------------------------------------------------
Mike Tancsa,                                      tel +1 519 651 3400
Sentex Communications,                            mike@sentex.net
Providing Internet since 1994                    www.sentex.net
Cambridge, Ontario Canada                         www.sentex.net/mike



