From owner-freebsd-net@FreeBSD.ORG  Wed Sep 17 23:14:53 2003
Return-Path: <owner-freebsd-net@FreeBSD.ORG>
Delivered-To: freebsd-net@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 59A3916A4B3
	for <freebsd-net@freebsd.org>; Wed, 17 Sep 2003 23:14:53 -0700 (PDT)
Received: from silver.he.iki.fi (helenius.fi [193.64.42.241])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 0251143FDD
	for <freebsd-net@freebsd.org>; Wed, 17 Sep 2003 23:14:52 -0700 (PDT)
	(envelope-from pete@he.iki.fi)
Received: from he.iki.fi (h81.vuokselantie10.fi [193.64.42.129])
	by silver.he.iki.fi (8.12.9/8.11.4) with ESMTP id h8I6EmSq064712;
	Thu, 18 Sep 2003 09:14:48 +0300 (EEST)
	(envelope-from pete@he.iki.fi)
Message-ID: <3F694D56.9040609@he.iki.fi>
Date: Thu, 18 Sep 2003 09:14:46 +0300
From: Petri Helenius <pete@he.iki.fi>
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US;
	rv:1.4) Gecko/20030624
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: Edwin Groothuis <edwin@mavetju.org>
References: <20030917182850.Q52432-100000@mail.econolodgetulsa.com>
	<20030918014203.GA59403@k7.mavetju>
In-Reply-To: <20030918014203.GA59403@k7.mavetju>
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit
cc: freebsd-net@freebsd.org
cc: Josh Brooks <user@mail.econolodgetulsa.com>
Subject: Re: I would like to tcpdump and get all the packets...
X-BeenThere: freebsd-net@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: Networking and TCP/IP with FreeBSD <freebsd-net.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-net>,
	<mailto:freebsd-net-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-net>
List-Post: <mailto:freebsd-net@freebsd.org>
List-Help: <mailto:freebsd-net-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-net>,
	<mailto:freebsd-net-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Thu, 18 Sep 2003 06:14:53 -0000

Edwin Groothuis wrote:

>On Wed, Sep 17, 2003 at 06:31:03PM -0700, Josh Brooks wrote:
>  
>
>>Whenever I run:
>>
>>tcpdump -vvv
>>
>>when I am finished, I am surprised to see:
>>
>>27441 packets received by filter
>>7866 packets dropped by kernel
>>    
>>
>
>That's because the buffer of captures-but-not-yet-processed packets
>in tcpdump was filled up. In other words, your system is to slow
>to process the amount of traffic going through your machine.
>
>  
>
Sure, but because the bug in pcap-bpf.c there is no way to set the 
buffer above 32768
without recompiling the library after applying the patch.

This bug should be fixed in the FreeBSD copy of libpcap because tcpdump 
folks seem
to be quite dormant.

Pete