# Revision history [back]

in the capture option window, I can set a limit for other interfaces but not for SSH remote capture

"Other interfaces" presumably means "interfaces other than the ones that have 'remote capture' in their names"; there's no ability to limit the packet size for Cisco or UDP Listener capture, either.

Those three are called "extcaps" (for "external capture"), and they work differently from the other interfaces; the other interfaces use the de facto standard APII for capturing (libpcap), but the "extcaps" use a separate program from Wireshark (some of which, such as those, are shipped with Wireshark, but they can also be provided by third parties).

I'll have to check whether there's a way for an "extcap" to indicate that it directly supports a "snapshot length" parameter to limit the packet size, but, even if it does, none of those extcaps support it.

tcpdump -i <interface> -s <packet size limit> '<filter>'

where <interface> is the name of the interfaces on the Linux machine, <packet size limit> is the packet size limit you want, and <filter> (the quotes around it are not always required, but they might be, so it's probably a Good Idea to use them) is the capture filter you want (if you want all packets, leave the filter, and the quotes around it, out). If you don't want to capture in promiscuous mode, add -p before '<filter>'; if you don't want to capture more than some number of packets, add -c <packet count>, where <packet count> is the maximum number of packets, before '<filter>'.