tcpdump mailing list archives
Re: tcpdump3.9.8 slow performance with filter in FreeBSD 7.0
From: Guy Harris <guy () alum mit edu>
Date: Mon, 8 Sep 2008 15:01:35 -0700
On Sep 8, 2008, at 6:27 AM, lei wei wrote:
By "unacceptable", I mean the number of packets that tcpdump processed wasonly a fractionof that of it received. I assume that "Number of Packets received by filter"are the packets were matched by the filter expression,
No.On systems with BPF (including all versions of FreeBSD, including 6.0 and 7.0, and with all versions of libpcap), "Number of Packets received by filter" is the number of packets that were handed to the filter to match, *including packets that were not matched by the filter expression*.
On some other systems (e.g., Linux), it's the number of packets that passed the filter, regardless of whether they were dropped because the system ran out of buffer space.
so with a filter, tcpdump can only process 3984 out of 1091656 ip packets....
So, with a filter, tcpdump was only handed 3984 packets out of 1091656 packets.
Note that "ip" means IPv4, not IPv4 and IPv6; if most of the traffic on your network is either non-IP traffic (note that ARP traffic is not IP traffic) or IPv6 traffic, a filter of "ip" will filter out most of the traffic received.
- This is the tcpdump-workers list. Visit https://cod.sandelman.ca/ to unsubscribe.
Current thread:
- tcpdump3.9.8 slow performance with filter in FreeBSD 7.0 lei wei (Sep 07)
- Re: tcpdump3.9.8 slow performance with filter in sthaug (Sep 08)
- Re: tcpdump3.9.8 slow performance with filter in FreeBSD 7.0 lei wei (Sep 08)
- Re: tcpdump3.9.8 slow performance with filter in FreeBSD 7.0 Guy Harris (Sep 08)
- Re: tcpdump3.9.8 slow performance with filter in FreeBSD 7.0 lei wei (Sep 09)
- Re: tcpdump3.9.8 slow performance with filter in FreeBSD 7.0 Guy Harris (Sep 09)
- Re: tcpdump3.9.8 slow performance with filter in FreeBSD 7.0 lei wei (Sep 08)
- Re: tcpdump3.9.8 slow performance with filter in sthaug (Sep 08)
- <Possible follow-ups>
- Re: tcpdump3.9.8 slow performance with filter in FreeBSD 7.0 Alexander Dupuy (Sep 10)
- Re: tcpdump3.9.8 slow performance with filter in FreeBSD 7.0 lei wei (Sep 10)
- Re: tcpdump3.9.8 slow performance with filter in sthaug (Sep 10)
- Re: tcpdump3.9.8 slow performance with filter in FreeBSD 7.0 Alexander Dupuy (Sep 10)
- Re: tcpdump3.9.8 slow performance with filter in FreeBSD 7.0 lei wei (Sep 10)