[Snort-users] capturing arp (Absent jusqu'au 29/07/2002)

Chris Green cmg at ...1935...
Wed Apr 16 14:00:07 EDT 2003


Be careful on who you quote as saying what. :)

> tcpdump -s 65335 -w arp.cap arp
>
> Why would you want to capture more than 60 bytes?

I type -s, I go big and I don't wanna think what the max frame size is
for whatever Data Link Layer.  I generally care most about larger
packets and the most often thing you have to tell people to do when
using tcpdump to provide packet captures is adjust the data link
layer.

-- 
Chris Green <cmg at ...1935...>
Don't use a big word where a diminutive one will suffice.




More information about the Snort-users mailing list