Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss

Tcpdump packet loss

99 views
Skip to first unread message

Subba Rao

unread,
Jun 8, 2001, 9:14:58 PM6/8/01
to

Hi

I am running OpenBSD 2.8. The system has Tcpdump version 3.4.0 along with
libpcap version 0.5

After running tcpdump for a while on an active network (Linux, OpenBSD and NT),
I interrupted and saw the following output at the end,

83190 packets received by filter
81285 packets dropped by kernel

Why are the packets being dropped by the kernel? The ethernet adapter is from
3Com. I was told that OpenBSD NE2000 driver drop packets. The 3Com adapter
works great. Does this mean that I cannot analyze all the traffic on the
network?

Any information is appreciated.

TIA.

Subba Rao
sail...@home.com

Peter Van Epp

unread,
Jun 8, 2001, 10:58:39 PM6/8/01
to
Subba Rao <sail...@home.com> writes:


>Hi

>Any information is appreciated.

>TIA.

You need to boost the size of the bpf buffer (either by recompiling the
kernel or there is often an ioctl that will do it). As I recall the default
is 8K or so. The define is in net/bpf.c

xuid

unread,
Jun 21, 2001, 8:13:51 AM6/21/01
to
Subba,
Have you checked you hub?
- xuid

Barry Margolin

unread,
Jun 21, 2001, 10:47:54 AM6/21/01
to
In article <3ylY6.148675$ff.11...@news-server.bigpond.net.au>,

xuid <ca...@security.asn.au> wrote:
>Subba,
>Have you checked you hub?

The message says "dropped by kernel", not "dropped by hub".

--
Barry Margolin, bar...@genuity.net
Genuity, Burlington, MA
*** DON'T SEND TECHNICAL QUESTIONS DIRECTLY TO ME, post them to newsgroups.
Please DON'T copy followups to me -- I'll assume it wasn't posted to the group.

0 new messages