June 10, 2009

tcpdump "received by filter"

When you run tcpdump on Linux, do not see all the packets you are expecting, and get a summary like this:

10 packets captured
100 packets received by filter
0 packets dropped by kernel

Make sure you use "tcpdump -Nn ...". This disables tcpdump's name lookups, which makes tcpdump much faster and lets it print packets in real time. It took me some time to find this out. Hope this helps.
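To check for this condition in a script, the added example below (not part of the original post) parses tcpdump's exit summary and reports how many packets passed the filter but were never processed. The function names are made up for this example, and the interface name in the usage comment is an assumption.

```shell
#!/bin/sh
# Added example: detect the "captured" vs "received by filter" gap.

# capture_backlog: read a tcpdump exit summary on stdin and print
#   "<captured> <received> <dropped> <backlog>"
# where backlog = received - dropped - captured, i.e. packets that matched
# the filter but that tcpdump had not processed when it exited.
# Exits with status 2 if any of the three summary lines is missing.
capture_backlog() {
    awk '
        /packets? captured/           { cap  = $1; seen++ }
        /packets? received by filter/ { recv = $1; seen++ }
        /packets? dropped by kernel/  { drop = $1; seen++ }
        END {
            if (seen < 3) exit 2
            backlog = recv - drop - cap
            if (backlog < 0) backlog = 0
            print cap, recv, drop, backlog
        }'
}

# check_capture: return 0 if tcpdump kept up, 1 if packets were left
# unprocessed, 2 if the summary could not be parsed.
check_capture() {
    stats=$(capture_backlog) || return 2
    set -- $stats
    if [ "$4" -gt 0 ]; then
        echo "backlog: $4 of $2 filtered packets never processed; rerun with -n" >&2
        return 1
    fi
    return 0
}

# The summary shown in the post above, used here as sample input.
SAMPLE='10 packets captured
100 packets received by filter
0 packets dropped by kernel'

printf '%s\n' "$SAMPLE" | capture_backlog

# Live use (tcpdump writes the summary to stderr; eth0 is an assumed name):
#   tcpdump -Nn -c 100 -i eth0 2>&1 >/dev/null | check_capture
```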
