Wednesday, June 10, 2009

tcpdump "received by filter"

When you use tcpdump on Linux, and do not see all the packets you are expecting, and get something like this:

10 packets captured
100 packets received by filter
0 packets dropped by kernel

Make sure you use "tcpdump -Nn ...". This disables tcpdump name lookup, and makes tcpdump much faster/real-time. It took me some time to find this out. Hope this helps.
Posted by Tiebing at 7:14 PM

0 comments:

Post a Comment

Subscribe to: Post Comments (Atom)