Josh Brooks wrote:
Whenever I run:
tcpdump -vvv
when I am finished, I am surprised to see:
27441 packets received by filter
7866 packets dropped by kernel
I have pored over the tcpdump man page, but do not see how to tell it to
not drop any of the packets.
What is the purpose behind this? I can't think of any situation where I
would want to run tcpdump and not see certain things.
The whole point of my tcpdump usage is to try to catch some malicious
traffic that I think is hitting my system - if it is dropping so many
packets, I might never see it!
Many thanks - and also, just out of curiosity, what _is_ the situation in
which it helps to throw out 20% of the packets and not see them?
Would you want to de-prioritize tcpdump so if it can't process data quickly
enough as the kernel receives them, the kernel would stop processing packets
and wait for tcpdump to finish?
But seriously, there is a solution for your problem. Add a -n to your
numerous -v's. You probably don't want to spend precious tcpdump's time
to resolve IPs it captures, while losing data.
--
Lev Walkin
[EMAIL PROTECTED]