tcpdump mailing list archives
Re: Odd behaviour under Linux 2.6.21
From: "Gianluca Varenni" <gianluca.varenni () cacetech com>
Date: Thu, 5 Jul 2007 23:10:52 -0700
I guess it's some sort of TCP offloading done at the board level. The driver sends big frames (>1500bytes) to the NIC card, and the NIC card is responsible from creating smaller segments that are sent over the wire. I've seen a similar behavior on Windows with some gigabit network cards (if i remember well at least with some broadcom chipsets).
In this case libpcap, like any other software capture engine, captures what is passed to the NIC, so it was capture the big frames instead of what's actually transmitted on the wire.
Hope it helps GV----- Original Message ----- From: "James Healy" <jhealy () swin edu au>
To: <tcpdump-workers () lists tcpdump org> Cc: <lastewart () swin edu au> Sent: Thursday, July 05, 2007 10:44 PM Subject: Re: [tcpdump-workers] Odd behaviour under Linux 2.6.21
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 James Healy wrote:We've encountered some odd behaviour with tcpdump/libpcap under Linux 2.6.21 (debian etch) and are hoping that others might be able to shed some light on it for us.I've got some more information on this: I ran the same test under various Linux kernels (using standard Debian kernel packages), always with the same hardware setup and tcpdump 3.9.5 / libpcap 0.9.5. The sending host was running Linux, and the receiving host FreeBSD 6.2. However we've seen the same behaviour on Linux to Linux transfers. The following list indicates the kernels under which I observed the odd behaviour: 2.6.12 - No 2.6.15 - No 2.6.16 - No 2.6.17 - Yes 2.6.18 - Yes 2.6.21 - Yes So, the next question is, what changed between kernels 2.6.16 and 2.6.17? James -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (FreeBSD) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFGjdah4oawkrbYo/kRAr2MAJ98qcROO8KDbzKsYIqb6V+E8CcsRgCfUfKx 4EeOoMV7KUY4D0zidNFyC78= =tG7y -----END PGP SIGNATURE----- Swinburne University of Technology CRICOS Provider Code: 00111D NOTICEThis e-mail and any attachments are confidential and intended only for the use of the addressee. They may contain information that is privileged or protected by copyright. If you are not the intended recipient, any dissemination, distribution, printing, copying or use is strictly prohibited. The University does not warrant that this e-mail and any attachments are secure and there is also a risk that it may be corrupted in transmission. It is your responsibility to check any attachments for viruses or defects before opening them. If you have received this transmission in error, please contact us on +61 3 9214 8000 and delete it immediately from your system. We do not accept liability in connection with computer virus, data corruption, delay, interruption, unauthorised access or unauthorised amendment.Please consider the environment before printing this email. - This is the tcpdump-workers list.Visit https://cod.sandelman.ca/ to unsubscribe.
- This is the tcpdump-workers list. Visit https://cod.sandelman.ca/ to unsubscribe.
Current thread:
- Odd behaviour under Linux 2.6.21 James Healy (Jul 05)
- Re: Odd behaviour under Linux 2.6.21 James Healy (Jul 05)
- Re: Odd behaviour under Linux 2.6.21 Gianluca Varenni (Jul 05)
- Re: Odd behaviour under Linux 2.6.21 James Healy (Jul 06)
- Re: Odd behaviour under Linux 2.6.21 Gianluca Varenni (Jul 05)
- Re: Odd behaviour under Linux 2.6.21 James Healy (Jul 05)