a buildworld yeilds tcpdump oddness
Drav Sloan
holborn-pf at real-life.tm
Fri May 2 02:45:16 UTC 2008
David DeSimone wrote:
> When you see the [|xxx] syntax in tcpdump, that is its way of telling
> you that the packet you captured is truncated, and it cannot show you
> more information unless you capture a longer packet.
>
> With recent changes to PF, the default capture size (68 bytes as seen
> above) is insufficient. Try adding "-s128" to capture more of the
> packets and you should see an improvement.
Et volia! Been using tcpdump for years, never knew about that one!
Cheers Dave,
(and appologies for multiple post, I thought the first one would
of been rejected given it's return address...)
Regards
Drav.
More information about the freebsd-pf
mailing list