Why does tcpdump only capture the first 68 bytes of a packet?

  • Thread starter SpiffyEh
  • Start date
  • #1
194
0
By default TCPDUMP limits the number of bytes it captures to 68. Why did they select 68 bytes? Does anyone know why?
 

Answers and Replies

  • #2
21
0
68 bytes is just the default value. You can set it to capture the whole packet by using the "-s 0" option. It's set to that by default because it's just enough to capture packet header information without revealing content; making it a useful network diagnostic without snooping through user data.
 

Related Threads on Why does tcpdump only capture the first 68 bytes of a packet?

Replies
24
Views
2K
  • Last Post
Replies
2
Views
3K
  • Last Post
Replies
2
Views
5K
  • Last Post
Replies
5
Views
4K
  • Last Post
Replies
7
Views
3K
  • Last Post
Replies
5
Views
3K
  • Last Post
Replies
16
Views
7K
  • Last Post
Replies
5
Views
5K
  • Last Post
Replies
4
Views
6K
  • Last Post
Replies
4
Views
2K
Top