Well, tcpdump is a program that uses the libpcap library to capture network data. IP packets are layer 3, probably what you want captured, but libpcap is layer 2, so it’s going to capture ethernet frames on ethernet; or something even more obscure if you’re not using ethernet. Since for certain network settings, IP packets can be longer than ethernet frames, you might get data that you don’t exactly understand if you presume there is a 1-to-1-and-onto relationship between max frame size and packet length.
I don’t know that you’ll understand this explanation, because it also presumes you know something about how network protocols work. Perhaps you should share the actual real question you had that caused google to give you this bit of technobabble. That could probably be more directly explained than using this intermediate representation of your question.
Latest Answers