Skip to main content
Unix & Linux

Return to Question

Tweeted twitter.com/#!/StackUnix/status/108202462699208704
added 6 characters in body; edited tags
Source Link
Caleb
Caleb
  • 72k
  • 19
  • 203
  • 233

Going through the man page of tcpdumptcpdump, Itit seems kernel can drop the packets if the buffer is full. I was wondering if:

  1. that size is configurable and/or 2) 
  2. where can I see the size for my distro?

From the man page (for easy reference):

packets ``dropped by kernel'' (this is the number of packets that were dropped, due to a lack of buffer space, by the packet capture mechanism in the OS on which tcpdump is running, if the OS reports that information to applications; if not, it will be reported as 0).

packets ``dropped by kernel'' (this is the number of packets that were dropped, due to a lack of buffer space, by the packet capture mechanism in the OS on which tcpdump is running, if the OS reports that information to applications; if not, it will be reported as 0).

Going through the man page of tcpdump, It seems kernel can drop the packets if the buffer is full. I was wondering if

  1. that size is configurable and/or 2) where can I see the size for my distro?

From the man page (for easy reference):

packets ``dropped by kernel'' (this is the number of packets that were dropped, due to a lack of buffer space, by the packet capture mechanism in the OS on which tcpdump is running, if the OS reports that information to applications; if not, it will be reported as 0).

Going through the man page of tcpdump, it seems kernel can drop the packets if the buffer is full. I was wondering if:

  1. that size is configurable and/or 
  2. where can I see the size for my distro?

From the man page (for easy reference):

packets ``dropped by kernel'' (this is the number of packets that were dropped, due to a lack of buffer space, by the packet capture mechanism in the OS on which tcpdump is running, if the OS reports that information to applications; if not, it will be reported as 0).

Source Link
Anon
Anon
  • 201
  • 1
  • 2
  • 3

Buffer size for capturing packets in kernel space?

Going through the man page of tcpdump, It seems kernel can drop the packets if the buffer is full. I was wondering if

  1. that size is configurable and/or 2) where can I see the size for my distro?

From the man page (for easy reference):

packets ``dropped by kernel'' (this is the number of packets that were dropped, due to a lack of buffer space, by the packet capture mechanism in the OS on which tcpdump is running, if the OS reports that information to applications; if not, it will be reported as 0).