[Discuss] tcpdump
Michael Foltinek
foltinek at gmail.com
Fri Aug 4 11:19:34 PDT 2006
Thanks very much for the link.
Unfortunately, I know that I'm missing data, so I'm not sure that this
entirely explains what tcpdump is reporting.
Oh well, I'll try wireshark/ethereal and see what happens.
On 8/4/06, Justin Weissig <jweissig at gmail.com> wrote:
> Check out, http://www.tcpdump.org/lists/workers/2004/01/msg00007.html
>
> Peace,
> - jw
>
> On 8/3/06, Michael Foltinek <foltinek at gmail.com> wrote:
> > Hello, all,
> >
> > I need a swat with the clue stick:
> >
> > The man page for tcpdump doesn't adequately explain the difference
> > between the number of packets captured, and the number "received by
> > filter". I did a capture where the number of packets received by the
> > filter was twice the number captured. I didn't have any regular
> > expression in the tcpdump command, so I was assuming that I'd get
> > every packet that went by the interface (on a mirror port on a
> > switch). There were no packets dropped by the kernel (as reported by
> > tcpdump).
> >
> > Honestly, I'm stumped. I've googled around, but can't find the wheat
> > for the chaff, so I'm appealing to the gurus in VLUG for a clue. Why
> > wouldn't it capture all the packets that went by? What am I missing?
> >
> > --
> > True compassion is more than flinging a coin at a beggar; it comes to
> > see that an edifice which produces beggars needs restructuring.
> > - Dr. Martin Luther King Jr.
> > _______________________________________________
> > Discuss mailing list
> > Discuss at vlug.org
> > http://ladybug.vlug.org/cgi-bin/mailman/listinfo/discuss
> >
> _______________________________________________
> Discuss mailing list
> Discuss at vlug.org
> http://ladybug.vlug.org/cgi-bin/mailman/listinfo/discuss
>
--
True compassion is more than flinging a coin at a beggar; it comes to
see that an edifice which produces beggars needs restructuring.
- Dr. Martin Luther King Jr.
More information about the Discuss
mailing list