How tcpdump determines the "dropped by kernel"?

[Eliezer Croitoru <eliezer () ngtech co il>]

I have been reading the man pages of tcpdump and I am not sure if my OS 
will report the relevant info.

Since I would not like to research tcpdump code I would like to get some 
help about it from others.

So my kernel would declare on packets that was dropped but still the 
connection was OK and was not disrupted in any way I can think about.

What exactly this "drop by kernel" means?
Is it dropped by kernel and was not handled by any application? or it 
means that the buffers of tcpdump got filled and there-for was dropped 
by tcpdump?

I am not sure I am even asking the right question but this is how it 
seems to me.

In any case I would like to do a very big dump into a storage system on 
a very loaded system and which I would like to not drop any packet by 
either the kernel or any other level if possible.
In a case there are tuning to the system in couple layers I would like 
to at least minimize the drops from lots of packets into a small amount 
of packets.

Thanks in Advance,
Eliezer
_______________________________________________
tcpdump-workers mailing list
tcpdump-workers () lists tcpdump org
https://lists.sandelman.ca/mailman/listinfo/tcpdump-workers