[Discuss] tcpdump
Michael Foltinek
foltinek at gmail.com
Thu Aug 3 20:11:25 PDT 2006
Hello, all,
I need a swat with the clue stick:
The man page for tcpdump doesn't adequately explain the difference
between the number of packets captured, and the number "received by
filter". I did a capture where the number of packets received by the
filter was twice the number captured. I didn't have any regular
expression in the tcpdump command, so I was assuming that I'd get
every packet that went by the interface (on a mirror port on a
switch). There were no packets dropped by the kernel (as reported by
tcpdump).
Honestly, I'm stumped. I've googled around, but can't find the wheat
for the chaff, so I'm appealing to the gurus in VLUG for a clue. Why
wouldn't it capture all the packets that went by? What am I missing?
--
True compassion is more than flinging a coin at a beggar; it comes to
see that an edifice which produces beggars needs restructuring.
- Dr. Martin Luther King Jr.