On Wed, Nov 11, 2009 at 8:49 AM, Tom Smith <[email protected]> wrote:
> On Tue, Nov 10, 2009 at 9:30 PM, Nick Guenther <[email protected]> wrote:
>
>> A snaplen of 0 on linux really means a snaplen of 2^16-1 which is
>> "good enough". I'd imagine "tcpdump: invalid snaplen 0" was chosen
>> because technically it's true, the linux thing is just a convenience
>> hack that will bite someone down the line.
>
> I hope that you are not accusing me of using Linux. Because if you are, then
> that is the ultimate insult to which I would reply how do *you* know so much
> about that steaming pile of fecal matter? FreeBSD's tcpdump has a snaplen
> implementation that can be set to 0 that is why I asked the question.

Heh, I know because I have friends who use it, it supports audio better (at the moment), and Ubuntu is nicer for a desktop. I didn't know freebsd works that way, sorry. But offtopic.

>> What you want is to set
>> your snaplen to be equal to your MTU, which is what I guess you're
>> doing?
>
> I'm sniffing packets over 802.11 and I wonder why I see some packets, but
> not all.

Well if you were using monitor mode on some other card I would say it's because as a 'security measure' the firmware is blocking it, but it's a Ralink and they're the open ones so hmm. Sorry, I think I'm spent.

-Nick

