February 24, 2014 · http linux

Packet truncated capture HTTP capture

Received a packet capture file with this message. The reason is ·tcpdump· by default capture packet of only 96 bytes. Larger ones are truncated.

The solution is to capture with tcpdump -i eth0 -w out.pcap -s 0

-s 0 flag tell tcpdump to capture packet at original size (65535 bytes).
And, this will create much larger output file.

See reference here.

  • LinkedIn
  • Tumblr
  • Reddit
  • Google+
  • Pinterest
  • Pocket