20 Nov
2012
20 Nov
'12
4:47 a.m.
Chris Samuel <chris@csamuel.org> writes:
On 20/11/12 09:35, Trent W. Buck wrote:
IME best practice is to put tcpdump on your router, run tcpdump -wfoo.pcap
You want to add -s0 to that if you want to capture the whole packet (tshark does that automatically).
Ah, yes. The manpage says the default is the max spanlen, but experimentation on Debian builds shows it is lying. I assume this is because Debian change the default without fixing the manpage. I should file a bug about that...