packets captured and received by filter

[George Nychis <gnychis () cmu edu>]

Hi all,

This is a tcpdump specific question, sorry that it is not directly a
wireshark question.  I could not find a user's mailing list for tcpdump.  I
was hoping that some overlap in the community would be able to help.

I am capturing wireless traffic on ath0 as follows:
sudo tcpdump -s 0 -i ath0 -w /tmp/tmp.pcap

When finished, I see:
19431 packets captured
38863 packets received by filter
0 packets dropped by kernel

Why is there a gap between packets received by the filter, and captured?
Can the machine not keep up with the capture?

I tried capping the amount of data captured, and it doesn't seem to help:
sudo tcpdump -s 10 -i ath0 -w /tmp/tmp.pcap
19096 packets captured
38193 packets received by filter
0 packets dropped by kernel

I'd greatly appreciate any feedback.

Thanks!
George

___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
             mailto:wireshark-users-request () wireshark org?subject=unsubscribe