[问题求助]请教tcpdump命令中-s选项的意思 [复制链接]

请教一下，就是在tcpdump命令.中，-s是什么意思呢.？--------------彩票
我看了一下man手册，我的理解是说打印出包中数据.，如TCP包中的内容这些，而-s就是指定了打.印这些包中多少个字节的内容。(广告)
请.问一下是这样理解的吗？谢谢！           建材

-S     Print  absolute, rather than relative, TCP sequence
              numbers.

       -s     Snarf snaplen bytes of data from each packet rather
              than the default of 68 (with SunOS's NIT, the mini?
              mum is actually 96).  68 bytes is adequate for  IP,
              ICMP,  TCP and UDP but may truncate protocol infor?
              mation  from  name  server  and  NFS  packets  (see
              below).   Packets  truncated  because  of a limited
              snapshot  are  indicated   in   the   output   with
              ``[|proto]'', where proto is the name of the proto?
              col level at which  the  truncation  has  occurred.
              Note  that  taking  larger snapshots both increases
              the amount of time it takes to process packets and,
              effectively, decreases the amount of packet buffer?
              ing.  This may  cause  packets  to  be  lost.   You
              should  limit  snaplen  to the smallest number that
              will capture the protocol information you're inter?
              ested  in.   Setting  snaplen  to  0  means use the
              required length to catch whole packets.

http://blogimg.chinaunix.net/blog/upfile2/081209104053.pdf

这个图非常好，专门讲tcpdump的

好东西 谢谢楼上