Tcpdump dropping packets

Paul Schmehl pauls at
Thu Jun 8 22:27:55 UTC 2006

Chuck Swiger wrote:
> Check sysctl debug.bpf_bufsize, but also do a search on this because 
> there may be a patch needed for PCAP in order for buffers larger than 
> 32K to actually work. [1]

sysctl debug.bpf_bufsize
sysctl: unknown oid 'debug.bpf_bufsize'

sysctl -a | grep bufsize
net.bpf.maxbufsize: 524288
net.bpf.bufsize: 4096

I assume bufsize is the default?  And maxbufsize is as high as it can 
go?  So it defaults to 4 megs and maxes out at 512 megs?  If true, how 
would I go about calculating a sufficiently large maxbufsize?  If I have 
approximately 150Mbps traffic, how much has to be held in the buffer?

Paul Schmehl (pauls at
Adjunct Information Security Officer
The University of Texas at Dallas
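
Added example, not part of the original message: a sizing calculation over the two sysctl lines quoted above, showing how long each buffer lasts at the stated traffic rate. It assumes the sysctl values are byte counts, a sustained 150 Mbit/s with per-packet capture header overhead ignored, and a hypothetical 100 ms stall in the capturing process; the function names are illustrative.

```shell
#!/bin/sh
# Constructed sample input: the two sysctl lines quoted in the message.
SAMPLE='net.bpf.maxbufsize: 524288
net.bpf.bufsize: 4096'

# sysctl_value NAME: print the value of NAME from "name: value" lines on stdin.
sysctl_value() {
    awk -F': *' -v name="$1" '$1 == name { print $2; exit }'
}

# fill_time_us BYTES MBPS: microseconds until BYTES of buffer are full.
# bytes * 8 bits / (MBPS * 10^6 bit/s) * 10^6 us/s  ==  bytes * 8 / MBPS
fill_time_us() {
    echo $(( $1 * 8 / $2 ))
}

# buffer_needed MBPS STALL_MS: bytes that arrive while the reader is stalled.
# MBPS * 10^6 / 8 bytes/s * STALL_MS / 1000 s  ==  MBPS * 125 * STALL_MS
buffer_needed() {
    echo $(( $1 * 125 * $2 ))
}

# report MBPS STALL_MS: read sysctl text on stdin and print the sizing figures.
report() {
    input=$(cat)
    def=$(printf '%s\n' "$input" | sysctl_value net.bpf.bufsize)
    max=$(printf '%s\n' "$input" | sysctl_value net.bpf.maxbufsize)
    need=$(buffer_needed "$1" "$2")
    echo "default $def B fills in $(fill_time_us "$def" "$1") us at $1 Mbit/s"
    echo "maximum $max B fills in $(fill_time_us "$max" "$1") us at $1 Mbit/s"
    echo "a $2 ms reader stall needs $need B of buffer"
    if [ "$need" -gt "$max" ]; then
        echo "that exceeds net.bpf.maxbufsize ($max B)"
    fi
}

# 150 Mbit/s is the rate from the message; 100 ms is an assumed stall.
printf '%s\n' "$SAMPLE" | report 150 100
```

The stall figure is the input to choose: it is the longest interval the capturing process may go without draining the buffer, and the buffer must hold everything that arrives in that time.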
