I would like to tcpdump and get all the packets...
Petri Helenius
pete at he.iki.fi
Wed Sep 17 23:14:53 PDT 2003
Edwin Groothuis wrote:
>On Wed, Sep 17, 2003 at 06:31:03PM -0700, Josh Brooks wrote:
>
>
>>Whenever I run:
>>
>>tcpdump -vvv
>>
>>when I am finished, I am surprised to see:
>>
>>27441 packets received by filter
>>7866 packets dropped by kernel
>>
>>
>
>That's because the buffer of captures-but-not-yet-processed packets
>in tcpdump was filled up. In other words, your system is to slow
>to process the amount of traffic going through your machine.
>
>
>
Sure, but because the bug in pcap-bpf.c there is no way to set the
buffer above 32768
without recompiling the library after applying the patch.
This bug should be fixed in the FreeBSD copy of libpcap because tcpdump
folks seem
to be quite dormant.
Pete
More information about the freebsd-net
mailing list