tcpdump mailing list archives
Re: tcpdump3.9.8 slow performance with filter in
From: sthaug () nethelp no
Date: Wed, 10 Sep 2008 21:15:53 +0200 (CEST)
Thanks alot Alex, that's exactly the problem since the university uses VLAN based on packet tags. Actually I'm using pcap to do some packet payload processing on FreeBSD. It seems right now that if I use the filter "ip or (vlan and ip)", the packet returned from pcap contains the VLAN tag. I wonder if there's a way to let the OS to strip off the tag before deliverying?
Yes, you can configure a VLAN interface on FreeBSD, and the OS will strip the VLAN tag before delivering it to tcpdump. *But* you cannot sniff promiscuously on a VLAN interface - which means you'll only get traffic addressed directly to the host. Steinar Haug, Nethelp consulting, sthaug () nethelp no - This is the tcpdump-workers list. Visit https://cod.sandelman.ca/ to unsubscribe.
Current thread:
- tcpdump3.9.8 slow performance with filter in FreeBSD 7.0 lei wei (Sep 07)
- Re: tcpdump3.9.8 slow performance with filter in sthaug (Sep 08)
- Re: tcpdump3.9.8 slow performance with filter in FreeBSD 7.0 lei wei (Sep 08)
- Re: tcpdump3.9.8 slow performance with filter in FreeBSD 7.0 Guy Harris (Sep 08)
- Re: tcpdump3.9.8 slow performance with filter in FreeBSD 7.0 lei wei (Sep 09)
- Re: tcpdump3.9.8 slow performance with filter in FreeBSD 7.0 Guy Harris (Sep 09)
- Re: tcpdump3.9.8 slow performance with filter in FreeBSD 7.0 lei wei (Sep 08)
- Re: tcpdump3.9.8 slow performance with filter in sthaug (Sep 08)
- <Possible follow-ups>
- Re: tcpdump3.9.8 slow performance with filter in FreeBSD 7.0 Alexander Dupuy (Sep 10)
- Re: tcpdump3.9.8 slow performance with filter in FreeBSD 7.0 lei wei (Sep 10)
- Re: tcpdump3.9.8 slow performance with filter in sthaug (Sep 10)
- Re: tcpdump3.9.8 slow performance with filter in FreeBSD 7.0 Alexander Dupuy (Sep 10)
- Re: tcpdump3.9.8 slow performance with filter in FreeBSD 7.0 lei wei (Sep 10)