目录
关于 “Packet size limited during capture” 的解释
Maynard, Chris wrote:
“Packet Size limited during capture” tells me that the packet was bigger than the snaplen set, so the packet was truncated when captured. In Wireshark, the snaplen is set in the capture options dialog using the “Limit each packet to ___ bytes” option, and with dumpcap, tshark and tcpdump it is set via the "-s " option. If not specified, tcpdump uses a default snaplen of 68 (or 96, depending on the platform).
解决:用 tcpdump 进行抓包时,使用 -s 0 参数表示抓包的长度没有限制,否则默认抓取的长度为 68 或 96Byte。
例如:
$ tcpdump -i eth0 -s 0 -w 1.cap
