Tcpdump dropping packets
Paul Schmehl
pauls at utdallas.edu
Wed Jun 7 21:14:04 UTC 2006
I'm fiddling around with ntop, but, after an initial packet capture, it
doesn't capture any more traffic. It claims that libpcap is dropping
all the packets.
If I run tcpdump like this:
tcpdump -i <interface>
I get this:
15 packets captured
51104 packets received by filter
50288 packets dropped by kernel
If I run tcpdump like this:
tcpdump -i <interface> -w filename
I get this:
65235 packets captured
65489 packets received by filter
0 packets dropped by kernel
Is there a sysctl tweak that can at least reduce the packet loss? Is
there a setting in ntop that I'm missing?
If I send tcpdump to a file, can ntop read the file continuously? Or
will it only read it one time?
--
Paul Schmehl (pauls at utdallas.edu)
Adjunct Information Security Officer
The University of Texas at Dallas
http://www.utdallas.edu/ir/security/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 5007 bytes
Desc: S/MIME Cryptographic Signature
Url : http://lists.freebsd.org/pipermail/freebsd-questions/attachments/20060607/4b4c7094/smime.bin
More information about the freebsd-questions
mailing list