tcpdump mailing list archives
Re: How tcpdump determines the "dropped by kernel"?
From: Anders Broman <anders.broman () ericsson com>
Date: Mon, 25 Nov 2013 12:14:36 +0000
Hi, It's not clear to me if you are running tcpdump on the server in question, which might not be a good idea if its heavily loaded as tcpdump might add extra load to the machine. You could check with top. Which OS are you running and what versions of tcpdump/libpcap? What is the packets/s or MB/s? ( Load the capture into Wireshark and look at the Summary information). *Set a snap length (MTU + 18). Depending on your OS and libpcap version this might give a good effect. Regards Anders -----Original Message----- From: tcpdump-workers-bounces () lists tcpdump org [mailto:tcpdump-workers-bounces () lists tcpdump org] On Behalf Of Eliezer Croitoru Sent: den 25 november 2013 02:04 To: tcpdump-workers () lists tcpdump org Subject: [tcpdump-workers] How tcpdump determines the "dropped by kernel"? I have been reading the man pages of tcpdump and I am not sure if my OS will report the relevant info. Since I would not like to research tcpdump code I would like to get some help about it from others. So my kernel would declare on packets that was dropped but still the connection was OK and was not disrupted in any way I can think about. What exactly this "drop by kernel" means? Is it dropped by kernel and was not handled by any application? or it means that the buffers of tcpdump got filled and there-for was dropped by tcpdump? I am not sure I am even asking the right question but this is how it seems to me. In any case I would like to do a very big dump into a storage system on a very loaded system and which I would like to not drop any packet by either the kernel or any other level if possible. In a case there are tuning to the system in couple layers I would like to at least minimize the drops from lots of packets into a small amount of packets. Thanks in Advance, Eliezer _______________________________________________ tcpdump-workers mailing list tcpdump-workers () lists tcpdump org https://lists.sandelman.ca/mailman/listinfo/tcpdump-workers _______________________________________________ tcpdump-workers mailing list tcpdump-workers () lists tcpdump org https://lists.sandelman.ca/mailman/listinfo/tcpdump-workers
Current thread:
- How tcpdump determines the "dropped by kernel"? Eliezer Croitoru (Nov 24)
- Re: How tcpdump determines the "dropped by kernel"? Anders Broman (Nov 25)
- Message not available
- Re: How tcpdump determines the "dropped by kernel"? Eliezer Croitoru (Nov 25)
- Message not available
- Re: How tcpdump determines the "dropped by kernel"? Anders Broman (Nov 25)
- Re: How tcpdump determines the "dropped by kernel"? Guy Harris (Nov 25)
- Re: How tcpdump determines the "dropped by kernel"? Eliezer Croitoru (Nov 25)
- Re: How tcpdump determines the "dropped by kernel"? Guy Harris (Nov 25)
- Re: How tcpdump determines the "dropped by kernel"? Eliezer Croitoru (Nov 25)
- Re: How tcpdump determines the "dropped by kernel"? Eliezer Croitoru (Nov 25)