Date: Thu, 18 Sep 2003 09:14:46 +0300 From: Petri Helenius <pete@he.iki.fi> To: Edwin Groothuis <edwin@mavetju.org> Cc: Josh Brooks <user@mail.econolodgetulsa.com> Subject: Re: I would like to tcpdump and get all the packets... Message-ID: <3F694D56.9040609@he.iki.fi> In-Reply-To: <20030918014203.GA59403@k7.mavetju> References: <20030917182850.Q52432-100000@mail.econolodgetulsa.com> <20030918014203.GA59403@k7.mavetju>
next in thread | previous in thread | raw e-mail | index | archive | help
Edwin Groothuis wrote: >On Wed, Sep 17, 2003 at 06:31:03PM -0700, Josh Brooks wrote: > > >>Whenever I run: >> >>tcpdump -vvv >> >>when I am finished, I am surprised to see: >> >>27441 packets received by filter >>7866 packets dropped by kernel >> >> > >That's because the buffer of captures-but-not-yet-processed packets >in tcpdump was filled up. In other words, your system is to slow >to process the amount of traffic going through your machine. > > > Sure, but because the bug in pcap-bpf.c there is no way to set the buffer above 32768 without recompiling the library after applying the patch. This bug should be fixed in the FreeBSD copy of libpcap because tcpdump folks seem to be quite dormant. Pete
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?3F694D56.9040609>