From: Josh Brooks
To: freebsd-net@freebsd.org
Date: Wed, 17 Sep 2003 18:31:03 -0700 (PDT)
Message-ID: <20030917182850.Q52432-100000@mail.econolodgetulsa.com>
Subject: I would like to tcpdump and get all the packets...

Whenever I run:

    tcpdump -vvv

when I am finished, I am surprised to see:

    27441 packets received by filter
    7866 packets dropped by kernel

I have pored over the tcpdump man page, but do not see how to tell it to not drop any of the packets.

What is the purpose behind this? I can't think of any situation where I would want to run tcpdump and not see certain things.

The whole point of my tcpdump usage is to try to catch some malicious traffic that I think is hitting my system - if it is dropping so many packets, I might never see it!

Many thanks - and also, just out of curiosity, what _is_ the situation in which it helps to throw out 20% of the packets and not see them?