tcpdump mailing list archives

eliminating dropping of packets by the kernel during packet capture


From: "Code Master" <cpp.codemaster () gmail com>
Date: Sat, 26 May 2007 12:19:04 +1200

On a sniffer computer (P4 1.6GHz with 368MB RAM running Ubuntu without X
server) which is equipped with a gigabit card and connected to the gigabit
port set to mirror other ports on a cluster switch (all other ports on the
switch are ordinary 10/100M), I am trying to capture TCP packets:

sudo nice -20 tcpdump -v -s0 -i eth1 -w /tmp/stuff.pcap tcp

where eth1 is the gigabit port and /tmp is mounted on tmpfs (ramdisk) to
avoid delays. I only run this command on the console and I have turned off
the X server and any other unnecessary services to decrease delay (I checked
with ps aux).

However, when there are a lot of packets, tcpdump reports some packets dropped
(e.g. 200-300 packets per 60000 packets) "by the kernel".

Then I ran

ifconfig eth1

and it says no packets were dropped (does it mean that no packets were
dropped within the network card?)

Now can you see where the packet is dropped in the kernel (is it because the
buffer is not big enough?) and how can I eliminate packet drops?

Thanks!
-
This is the tcpdump-workers list.
Visit https://cod.sandelman.ca/ to unsubscribe.

