Wireshark-users: Re: [Wireshark-users] tcpdump command to capture https traffic

From: "Kaushal Shriyan" <kaushalshriyan@xxxxxxxxx>
Date: Thu, 19 Jul 2007 21:59:22 +0530
Thanks Guy Harris

One more question:

Is it better to run
tcpdump -i eth0 -s 0 -w dump host 192.168.0.1 and host 192.168.0.2 and port 443

or instead
tcpdump -i eth0 -s 1500 -w dump host 192.168.0.1 and host 192.168.0.2 and port 443

Which is the best method?

Thanks and Regards

Kaushal

On 7/19/07, Guy Harris <guy@xxxxxxxxxxxx> wrote:
Kaushal Shriyan wrote:
> Thanks, and what does s 0 signify? I know s means snapshot length, so
> what does s 0 signify?

It means "the maximum snapshot length", which is 65535 bytes.  (Versions
of tcpdump prior to 3.6 require that you do "-s 65535", but all later
versions support "-s 0".)
_______________________________________________
Wireshark-users mailing list
Wireshark-users@xxxxxxxxxxxxx
http://www.wireshark.org/mailman/listinfo/wireshark-users
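
Added example, not part of the original thread: a short Python check that reads the snapshot length from a classic pcap file header and lists the frames that were cut short, which is how the two -s values in the question differ in the resulting file. The frame sizes and the function names write_pcap and truncated_records are constructed for illustration.

```python
import io
import struct

PCAP_MAGIC = 0xA1B2C3D4  # classic pcap, microsecond timestamps
LINKTYPE_ETHERNET = 1


def write_pcap(frame_sizes, snaplen):
    """Build a pcap in memory the way a capture with '-s snaplen' stores frames."""
    out = io.BytesIO()
    # Global header: magic, version 2.4, thiszone, sigfigs, snaplen, link type.
    out.write(struct.pack("<IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, snaplen, LINKTYPE_ETHERNET))
    for i, size in enumerate(frame_sizes):
        frame = bytes(size)        # constructed placeholder frame (all zero bytes)
        kept = frame[:snaplen]     # bytes past the snapshot length are not saved
        # Record header: ts_sec, ts_usec, captured length, original length.
        out.write(struct.pack("<IIII", i, 0, len(kept), size))
        out.write(kept)
    return out.getvalue()


def truncated_records(pcap_bytes):
    """Return (snaplen, [(index, captured_len, original_len), ...]) for cut frames."""
    buf = io.BytesIO(pcap_bytes)
    magic, _maj, _min, _tz, _sig, snaplen, _link = struct.unpack("<IHHiIII", buf.read(24))
    if magic != PCAP_MAGIC:
        raise ValueError("not a little-endian classic pcap file")
    cut = []
    index = 0
    while True:
        hdr = buf.read(16)
        if len(hdr) < 16:
            break
        _sec, _usec, incl_len, orig_len = struct.unpack("<IIII", hdr)
        buf.seek(incl_len, io.SEEK_CUR)   # skip the saved frame bytes
        if incl_len < orig_len:           # frame was longer than the snapshot length
            cut.append((index, incl_len, orig_len))
        index += 1
    return snaplen, cut


# Constructed sizes: a bare TCP ACK, a full Ethernet frame at a 1500-byte MTU
# (1514 bytes including the 14-byte Ethernet header), and a 9014-byte jumbo frame.
SAMPLE_SIZES = [66, 1514, 9014]

if __name__ == "__main__":
    for snap in (1500, 65535):
        print(snap, truncated_records(write_pcap(SAMPLE_SIZES, snap))[1])
```

With a snapshot length of 1500 the full-size frame loses its last 14 bytes, because the Ethernet header counts toward the captured length; with 65535 nothing in the sample is cut.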