From owner-freebsd-questions Wed Aug 7 16:20:40 2002 Delivered-To: freebsd-questions@freebsd.org Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id E049337B400 for ; Wed, 7 Aug 2002 16:20:38 -0700 (PDT) Received: from dan.emsphone.com (dan.emsphone.com [199.67.51.101]) by mx1.FreeBSD.org (Postfix) with ESMTP id 5B7AC43E77 for ; Wed, 7 Aug 2002 16:20:38 -0700 (PDT) (envelope-from dan@dan.emsphone.com) Received: (from dan@localhost) by dan.emsphone.com (8.12.5/8.12.5) id g77NKbpe098767; Wed, 7 Aug 2002 18:20:37 -0500 (CDT) (envelope-from dan) Date: Wed, 7 Aug 2002 18:20:37 -0500 From: Dan Nelson To: "Balaji, Pavan" Cc: "'Patrick Thomas'" , freebsd-questions@FreeBSD.ORG Subject: Re: tcpdump and dropped packet statistics Message-ID: <20020807232037.GA64413@dan.emsphone.com> References: <3D386AED1B47D411A94300508B11F18704AD69A4@fmsmsx116.fm.intel.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <3D386AED1B47D411A94300508B11F18704AD69A4@fmsmsx116.fm.intel.com> X-OS: FreeBSD 5.0-CURRENT X-message-flag: Outlook Error User-Agent: Mutt/1.5.1i Sender: owner-freebsd-questions@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG In the last episode (Aug 07), Balaji, Pavan said: > > What does it mean when you run tcpdump and you see this after > > hitting ctrl-C : > > > > 5702 packets received by filter > > 4395 packets dropped by kernel > > > > Is it just some nuance of tcpdump that I shouldn't care about, or > > is my system actually dropping network packets (and then I should > > care) ? > > > > thanks. > > Yes. It is something you should care. It just means that there is a > lot of corruption of packets (from wherever you are transferring). I > had this problem a couple of months back, and it turned out that my > NIC was screwed up. No. It means tcpdump is not able to process packets fast enough, and had to drop packets sent to it by the kernel. Corrupt packets don't even make it to the kernel. NICs usually filter them out automatically. There's a bit more info the the "bpf" manpage: bs_drop the number of packets which were accepted by the filter but dropped by the kernel because of buffer overflows (i.e., the application's reads aren't keeping up with the packet traffic). Try grabbing less bytes if you are using -s, or write to SCSI instead of IDE disks if you are writing to a file. -- Dan Nelson dnelson@allantgroup.com To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message