Date: Fri, 10 Oct 1997 09:51:01 +0930 From: Greg Lehey <grog@lemis.com> To: Mark Tinguely <tinguely@plains.NoDak.edu> Cc: joe@via.net, questions@FreeBSD.ORG Subject: Re: tcpdump Message-ID: <19971010095101.09370@lemis.com> In-Reply-To: <199710092057.PAA12896@plains.NoDak.edu>; from Mark Tinguely on Thu, Oct 09, 1997 at 03:57:21PM -0500 References: <199710092057.PAA12896@plains.NoDak.edu>
next in thread | previous in thread | raw e-mail | index | archive | help
On Thu, Oct 09, 1997 at 03:57:21PM -0500, Mark Tinguely wrote: >> Does tcpdump dump the entire packet? > > the default action is to copy the first 83 bytes from kernel space to > the tcpdump application. The option -s can change that default. >> >> Does the dumped data include the tcp headers or is it the >> "payload"? > > the dumped data is the ethernet frame (which may be IP, or not). In fact, unless you ask for link-level headers with the -e option, you'll just get the IP datagram if it *is* IP. Greg
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?19971010095101.09370>