[Windump] windump capture udp packets all shortened
Gianluca Varenni
Gianluca.Varenni at riverbed.com
Mon Mar 21 12:32:36 PDT 2011
James,
By default windump, exactly like tcpdump, captures only the first bytes of every packet (if I remember well, only the first 96 bytes). To capture the whole packet, you need to use the parameter -s <snaplen> with a big snaplen value, e.g. 65535.
Have a nice day
GV
From: windump-bounces at winpcap.org [mailto:windump-bounces at winpcap.org] On Behalf Of James Zu
Sent: Monday, March 21, 2011 12:31 PM
To: windump at winpcap.org
Subject: [Windump] windump capture udp packets all shortened
Hi,
Running into some problems trying to use windump to capture complete data on an Intel NIC team. I have both wireshark and windump installed. However, the packets that are captured by wireshark are all complete. But the UDP packets captured by windump are all truncated. The box has 16G of RAM and 8 cores, so it's not a hardware slow issue. Any ideas?
Here is my command
WinDump.exe -i \Device\NPF_{CAFA7E67-9901-4762-9069-CAA9B9AC754E} -n -vvv -U -C 100 -w 20110321_P2_GW -B 5000
James Zu