Date: Wed, 3 Nov 1999 11:07:39 -0500 (EST)
From: Cliff Addy
To: Dan Nelson
Cc: questions@FreeBSD.ORG
Subject: Re: help reading tcpdump output

On Wed, 3 Nov 1999, Dan Nelson wrote:

> In the last episode (Nov 03), Cliff Addy said:
> > We're swapping nameservice to a new machine and I ran tcpdump to watch
> > what's still going to port 25 on the old machine. I'm seeing a lot of
> > strange packets I don't understand, such as
>
> Port 53 is DNS lookups. The default 'snarf' length that tcpdump uses
> is 68 bytes per packet, which is only enough to print the basic
> IP/TCP/UDP information. The tcpdump manpage suggests -s 128 as a
> starting point if you want to view DNS packets in full.

Yipee, that's it! The new machine apparently defaults to a much longer
length, thus the totally different look. Thanks!

Cliff
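Added example, not part of the original messages: a Python sketch of why a 68-byte snap length leaves the IP/UDP headers readable but cuts off the DNS question. The frame is constructed (Ethernet, IPv4 without options, UDP, a query for www.freebsd.org, addresses from the documentation range), and the function names are hypothetical.

```python
import struct

ETH_LEN, IP_LEN, UDP_LEN, DNS_HDR_LEN = 14, 20, 8, 12

def build_dns_query_frame(name, txid=0x1234):
    """Constructed sample frame: Ethernet + IPv4 + UDP + DNS query (checksums zero)."""
    qname = b"".join(bytes([len(l)]) + l.encode() for l in name.split(".")) + b"\x00"
    dns = struct.pack("!6H", txid, 0x0100, 1, 0, 0, 0) + qname + struct.pack("!2H", 1, 1)
    udp = struct.pack("!4H", 40000, 53, UDP_LEN + len(dns), 0) + dns
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, IP_LEN + len(udp), 0, 0, 64, 17, 0,
                     bytes([192, 0, 2, 1]), bytes([192, 0, 2, 53])) + udp
    eth = b"\x02\x00\x00\x00\x00\x01" + b"\x02\x00\x00\x00\x00\x02" + b"\x08\x00"
    return eth + ip

def capture(frame, snaplen):
    """Keep only the first snaplen bytes, as a capture with -s snaplen would."""
    return frame[:snaplen]

def decode(captured):
    """Decode what survives (assumes at least the 42 header bytes were captured).
    'question' stays None when the DNS question was cut off by the snap length.
    Compression pointers are not handled; a plain query does not need them."""
    udp_off = ETH_LEN + (captured[ETH_LEN] & 0x0F) * 4
    sport, dport, udp_len, _ = struct.unpack_from("!4H", captured, udp_off)
    dns_off = udp_off + UDP_LEN
    result = {"sport": sport, "dport": dport, "wire_len": udp_off + udp_len,
              "captured_len": len(captured), "question": None}
    if len(captured) < dns_off + DNS_HDR_LEN:
        return result
    labels, pos = [], dns_off + DNS_HDR_LEN
    while pos < len(captured):
        n = captured[pos]
        if n == 0:  # end of name; QTYPE and QCLASS must also be present
            if pos + 5 <= len(captured):
                result["question"] = ".".join(labels)
            return result
        if pos + 1 + n > len(captured):  # label runs past the captured bytes
            return result
        labels.append(captured[pos + 1:pos + 1 + n].decode("ascii"))
        pos += 1 + n
    return result

if __name__ == "__main__":
    frame = build_dns_query_frame("www.freebsd.org")
    for snaplen in (68, 128):
        print(snaplen, decode(capture(frame, snaplen)))
```

The query is 75 bytes on the wire, so 68 bytes already loses the end of the name; DNS responses are longer still.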