tcpdump mailing list archives

Re: Problem With TCPDUMP


From: Ali Jawad <alijawad1 () gmail com>
Date: Fri, 16 Oct 2009 00:56:19 +0300

You saved my day. The -n option did it.
Thanks a lot.


On Thu, Oct 15, 2009 at 6:46 PM, Abhijit Bare <abhibare () gmail com> wrote:
Can you try using the "-n" option? I have seen tcpdump not responding to ctrl+c
if "-n" is not used and it is busy doing DNS resolutions on all IP addresses
it received, as that is the default behavior. That might also drop packets
at kernel level.

Another thing to try out is using the "-w" option to write to a pcap file instead
of printing out in realtime.

- Abhijit

On Thu, Oct 15, 2009 at 1:57 AM, Ali Jawad <alijawad1 () gmail com> wrote:

Hi
When I do launch TCPDUMP it does not fetch traffic as it should. I am
remotely connected to a CLI-only Debian system, and if I run tcpdump
for 5 minutes all I get is a couple of packets. Another strange thing
is that I cannot stop tcpdump with ctrl + c; all I get is ^C.
I did try using dpkg installer and installing 4.0 and 3.9.8 from source.

monitor01:/usr/src# tcpdump -V
tcpdump version 3.9.8
libpcap version 0.9.8

monitor01:/usr/src# uname -a
Linux monitor01 2.6.29.2.20090503.x3550 #1 SMP Sun May 3 12:57:31 CDT 2009 x86_64 GNU/Linux

monitor01:/usr/src# tcpdump -v
tcpdump: listening on eth0, link-type EN10MB (Ethernet), capture size 96 bytes
^C^C^C^C^C^C^C^C^C^C^C


monitor01:/usr/src# tcpdump -v -c 3
tcpdump: listening on eth0, link-type EN10MB (Ethernet), capture size 96 bytes
03:51:59.173723 IP xxxxxxxxxxxxxxxxxxxxxx
03:51:59.174215 IP xxxxxxxxxxxxxxxxxxxxxxxx
03:51:59.176474 IPxxxxxxxxxxxxxxxxxxxxxxxxxx
3 packets captured
113 packets received by filter
0 packets dropped by kernel

The result above took 4 minutes....!!!

Any more info or hints needed?

Regards
-
This is the tcpdump-workers list.
Visit https://cod.sandelman.ca/ to unsubscribe.
