Hi Dario,
Try tcpdump -s 1500 -w your_pcap.cap ip[21]==89
This will capture the full packets. By default, tcpdump will only
capture 68 bytes of the packet.
man tcpdump will explain the snaplen (-s option).
Hope this helps,
Mike
On Mon, Nov 03, 2003 at 11:36:17AM +0100, Dario Lombardo wrote:
> Hi guys
> I experienced this problems some days ago using tcpdump and tethereal.
> I made a capture with tcpdump in order to get OSPF packets. My filter
> was ip[21]==89. I saved my data into a pcap file, but when I opened it
> with ethereal I found many packets marked [Short frame], and effectively
> they where truncated. I made the same capture with tethereal (same
> options) and I got a different result: the packets where captured
> correctly, at full lenght.
> These are my versions:
>
> Red Hat Linux release 8.0 (Psyche)
> tcpdump-3.6.3-17.8.0.3
> ethereal-0.9.13-1.80.1
> libpcap-0.6.2-16
>
> Any idea?
>
> --
> Dario Lombardo
> Centro Sicurezza Be-Secure
> Telecom Italia LAB
>
>
>
>
> ====================================================================
> CONFIDENTIALITY NOTICE
> This message and its attachments are addressed solely to the persons
> above and may contain confidential information. If you have received
> the message in error, be informed that any use of the content hereof
> is prohibited. Please return it immediately to the sender and delete
> the message. Should you have any questions, please contact us by
> replying to MailAdmin@xxxxxxxxx. Thank you
> ====================================================================
>
> _______________________________________________
> Ethereal-users mailing list
> Ethereal-users@xxxxxxxxxxxx
> http://www.ethereal.com/mailman/listinfo/ethereal-users