Re: dealing with collisions, dropped packets

[Michael Richardson <mcr () sandelman ottawa on ca>]

-----BEGIN PGP SIGNED MESSAGE-----


> > > > > "Matt" == Matt Van Mater <nutter_ () hotmail com> writes:
    Matt> Recently I've been investigating why tcpdump on my IDS shows
    Matt> quite a few packets as being dropped.  I think this is because
    Matt> my traffic to the IDS is fed through a hub where I know there
    Matt> are many collisions (there may be too many packets per second
    Matt> for the little soho 10/100 hub to handle).  I'm not sure how
    Matt> tcpdump handles collisions, and so I don't know if this is
    Matt> even a problem or not.
  
  neither tcpdump nor your NIC card even see the collision.
  AFAIK, only transmitters see them, and it causes them to back off and
retransmit.

    Matt> Is there a way to get more fine grained statistics on why
    Matt> packets are dropped, and would collisions coming in off a hub
    Matt> be shown as dropped?  I'm seeing a traffic feed of roughly

  Well, you need to ask your operating system about that.
  tcpdump runs on about a dozen different systems.

- --
]     "Elmo went to the wrong fundraiser" - The Simpson         |  firewalls  [
]   Michael Richardson,    Xelerance Corporation, Ottawa, ON    |net architect[
] mcr () xelerance com      http://www.sandelman.ottawa.on.ca/mcr/ |device driver[
] panic("Just another Debian GNU/Linux using, kernel hacking, security guy"); [
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.2 (GNU/Linux)
Comment: Finger me for keys

iQCVAwUBQYat7YqHRg3pndX9AQGL3QQApYNeH5nC2/19yhrYFI3yHeqoEEXVKZC7
CwX9AZ34GgyoGY3HLx+G3bLwSoREuOMlK8srGJQqzsTEA7UMGR7lIhsaQk7N9i2g
q9sUbj5jkPYUf2E3Nq/ltOcbEBTBkOBU5nJBkeBj3QslYT4QRtqCpI0np13DPcLd
CJnVBbOvZW0=
=F5+J
-----END PGP SIGNATURE-----
-
This is the tcpdump-workers list.
Visit https://lists.sandelman.ca/ to unsubscribe.