Date: Wed, 17 Sep 2003 18:31:03 -0700 (PDT)
From: Josh Brooks <user@mail.econolodgetulsa.com>
To: freebsd-net@freebsd.org
Subject: I would like to tcpdump and get all the packets...
Message-ID: <20030917182850.Q52432-100000@mail.econolodgetulsa.com>

Whenever I run:

    tcpdump -vvv

when I am finished, I am surprised to see:

    27441 packets received by filter
    7866 packets dropped by kernel

I have pored over the tcpdump man page, but do not see how to tell it to not drop any of the packets.

What is the purpose behind this? I can't think of any situation where I would want to run tcpdump and not see certain things. The whole point of my tcpdump usage is to try to catch some malicious traffic that I think is hitting my system - if it is dropping so many packets, I might never see it!

Many thanks - and also, just out of curiosity, what _is_ the situation in which it helps to throw out 20% of the packets and not see them?