I would like to tcpdump and get all the packets...

From: Josh Brooks (user_at_mail.econolodgetulsa.com)
Date: 09/18/03

    Date: Wed, 17 Sep 2003 18:31:03 -0700 (PDT)
    To: freebsd-net@freebsd.org
    
    

    Whenever I run:

    tcpdump -vvv

    when I am finished, I am surprised to see:

    27441 packets received by filter
    7866 packets dropped by kernel

    I have pored over the tcpdump man page, but do not see how to tell it to
    not drop any of the packets.

    What is the purpose behind this? I can't think of any situation where I
    would want to run tcpdump and not see certain things.

    The whole point of my tcpdump usage is to try to catch some malicious
    traffic that I think is hitting my system - if it is dropping so many
    packets, I might never see it!

    Many thanks - and also, just out of curiosity, what _is_ the situation in
    which it helps to throw out 20% of the packets and not see them?

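As an added example (not from the thread or from any reply to it), a small sh wrapper that treats the "dropped by kernel" counter as a verdict on the capture: it parses the statistics tcpdump prints on stderr at exit, computes the drop rate, and fails when packets were lost. "Dropped by kernel" means the BPF buffer filled before tcpdump emptied it, which live -vvv decoding with name resolution provokes; the remedy shown is to capture raw to a file with -n, -w and a narrow filter and decode afterwards. The interface, host and filter in capture_suspect are placeholders, and -B assumes a tcpdump new enough to accept it.

```shell
#!/bin/sh
# Added example, not from the thread. tcpdump prints its capture statistics
# on stderr at exit; this wrapper runs a capture, parses those two lines and
# refuses to treat the pcap as complete when the kernel dropped packets.

# drop_pct <summary text> -> integer percentage of filter-matching packets
# the kernel discarded. On BSD bpf the "received" counter includes packets
# that were later dropped, so dropped/received is the share of wanted
# traffic that never reached the capture.
drop_pct() {
    printf '%s\n' "$1" | awk '
        /packets received by filter/ { recv = $1 }
        /packets dropped by kernel/  { drop = $1 }
        END { if (recv == 0) print 0; else printf "%d\n", (drop * 100) / recv }'
}

# check_capture <max_pct> <command...>: run the capture command, keep its
# stderr, and return 0 only if the kernel drop rate is at or below max_pct.
# The drop percentage is printed for the log either way.
check_capture() {
    max=$1; shift
    summary=$("$@" 2>&1 >/dev/null)
    pct=$(drop_pct "$summary")
    echo "kernel drop rate: ${pct}%"
    [ "$pct" -le "$max" ]
}

# The capture that minimises drops: no name resolution (-n), no live
# decoding (-w writes raw packets to a file, -s 0 keeps whole packets),
# a narrow BPF filter so only the traffic of interest enters the buffer,
# and -B to enlarge the kernel buffer (KiB; assumes tcpdump 4.x or newer).
# Decode afterwards with "tcpdump -n -vvv -r suspect.pcap".
# Interface, host and filter are placeholders.
capture_suspect() {
    check_capture 0 tcpdump -n -s 0 -B 4096 -i em0 -w suspect.pcap \
        'host 192.0.2.1 and not port 22'
}

# Constructed stand-in that prints the numbers from the post above, so the
# checker can be exercised without root or a live interface.
fake_tcpdump() {
    printf '27441 packets received by filter\n7866 packets dropped by kernel\n' >&2
}

check_capture 5 fake_tcpdump || echo "capture incomplete, do not trust it"
```

A capture that reports any kernel drops cannot prove the suspect traffic was absent; rerun with a tighter filter or a larger buffer until the drop count is zero.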

