pflogd: default snaplen

classic Classic list List threaded Threaded
3 messages Options
Reply | Threaded
Open this post in threaded view
|

pflogd: default snaplen

giovanni-19
hi,

    -s snaplen
             Analyze at most the first snaplen bytes of data from each packet
             rather than the default of 116.  The default of 116 is adequate
             for IP, ICMP, TCP, and UDP headers but may truncate protocol
             information for other protocols.  Other file parsers may desire a
             higher snaplen.

it seems to me that the default is 160. am I wrong?

#define DEF_SNAPLEN 160         /* pfloghdr + ip hdr + proto hdr fit usually */

--
see ya,
giovanni

Reply | Threaded
Open this post in threaded view
|

Re: pflogd: default snaplen

giovanni-19
oops :-)

On Wed, Oct 12, 2011 at 11:56 AM, giovanni <[hidden email]> wrote:
> hi,
>
>    -s snaplen
>             Analyze at most the first snaplen bytes of data from each
packet
>             rather than the default of 116.  The default of 116 is adequate
>             for IP, ICMP, TCP, and UDP headers but may truncate protocol
>             information for other protocols.  Other file parsers may desire
a
>             higher snaplen.
>
> it seems to me that the default is 160. am I wrong?
>
> #define DEF_SNAPLEN 160         /* pfloghdr + ip hdr + proto hdr fit usually
*/
>
> --
> see ya,
> giovanni
>



--
see ya,
giovanni

Reply | Threaded
Open this post in threaded view
|

Re: pflogd: default snaplen

Henning Brauer
In reply to this post by giovanni-19
* giovanni <[hidden email]> [2011-10-12 11:58]:

> hi,
>
>     -s snaplen
>              Analyze at most the first snaplen bytes of data from each packet
>              rather than the default of 116.  The default of 116 is adequate
>              for IP, ICMP, TCP, and UDP headers but may truncate protocol
>              information for other protocols.  Other file parsers may desire a
>              higher snaplen.
>
> it seems to me that the default is 160. am I wrong?
>
> #define DEF_SNAPLEN 160         /* pfloghdr + ip hdr + proto hdr fit usually */

correct, fixed, thanks

--
Henning Brauer, [hidden email], [hidden email]
BS Web Services, http://bsws.de, Full-Service ISP
Secure Hosting, Mail and DNS Services. Dedicated Servers, Root to Fully Managed
Henning Brauer Consulting, http://henningbrauer.com/