On Nov 16, 2003, at 6:59 PM, Ching Tung Lo wrote:
But the command "tethereal -l -V port 53 " didn't show all detailed
decoded packets on screen.
It dropped some packets.
If I redirect the tethereal output to a file "tethereal -l -V port 53 >
file ",dropped-packets condition will improve.
Writing to a file is probably faster than writing them to the screen.
Writing to a file without "-l" is probably faster than writing them with "-l".
(Note also that writing with "-l" shouldn't be necessary if you're not writing to the screen or to a pipe.)
If I use window-mode ethereal , no packets be dropped.
If you use window-mode Ethereal with an "Update list of packets in real time" capture, I suspect it'll drop a lot of packets.
However, if you don't, when Ethereal is capturing, it's *not* dissecting the packets, it's just writing them to a file; if it doesn't drop packets when you do that, it's probably dissecting packets when you're capturing them that's causing the problem with Tethereal.
Try doing
tethereal -w file port 53
and then, after your capture is done, read "file" with Tethereal (or Ethereal, or tcpdump).
Do you mean that if I recompile the linux kernel to turn on socket filtering and network packet filtering, "tethereal -V " will not drop any packets?
I can't guarantee that it won't drop any packets. However, I suspect it will drop fewer packets - perhaps none, perhaps not.
