tcpdump mailing list archives
elimininating dropping of packets by the kernel during packet capture
From: "Code Master" <cpp.codemaster () gmail com>
Date: Sat, 26 May 2007 12:19:04 +1200
On a sniffer computer (P4 1.6GHz with 368MB ram running ubuntu without X server) which is equipped with a gigabit card and connected to the gigabit port set to mirror other ports on a cluster switch (all other ports on the switch are ordinary 10/100M), I am tying to capture tcp packets: sudo nice -20 tcpdump -v -s0 -i eth1 -w /tmp/stuff.pcap tcp where eth1 is the gigabit port and /tmp is mounted on tmpfs (ramdisk) to avoid delays. I only run this command on console and I have turn off X server and any other unnecessary services to decrease delay (I checked wtih ps aux However when there is a lot of packets, tcp dump reports some packet dropped (e.g. 200-300 packets per 60000 packets) "by the kernel". Then I ran ifconfig eth1 and it says no packets were dropped (does it mean that no packets were dropped within the network card?) Now can you see where the packet is dropped in the kernel (is it because the buffer is not big enough?) and how can I eliminate packet drops? Thanks! - This is the tcpdump-workers list. Visit https://cod.sandelman.ca/ to unsubscribe.
Current thread:
- elimininating dropping of packets by the kernel during packet capture Code Master (May 25)
- Re: elimininating dropping of packets by the kernel during packet capture Nguyen Huy Ha (Jun 01)
- Re: elimininating dropping of packets by the kernel during packet capture Code Master (Jun 02)
- Re: elimininating dropping of packets by the kernel during packet capture Nguyen Huy Ha (Jun 01)