I am capturing network traffic by using tcpdump. The problem is: I can't see all capture data when the package is too long. For example, when the tcp frame length is more than 500, I just see 100-200 or less. How to display all frame data(500+)?
I have tried add -vv and -vvv parameter. This is my current command:
tcpdump -i eth1 tcp and host 10.27.13.14 and port 6973 -vv -X -c 1000
Add -s0 parameter:
tcpdump -i eth1 tcp and host 10.27.13.14 and port 6973 -s0 -vv -X -c 1000