Hello, On Tue, Sep 1, 2009 at 5:41 PM, Mitch Davis<[email protected]> wrote: > > We have been experiencing packet loss when capturing packets from a 3G > wireless modem using Fedora 10's tcpdump. In order to avoid dropped > packets, I have been trying the PF_RING patch. > > [r...@t999999920 ~]# ./tcpdump -i eth0 -n -w /dev/null > tcpdump: listening on eth0, link-type EN10MB (Ethernet), capture size 96 bytes > ^C216 packets captured > 218 packets received by filter > 0 packets dropped by kernel > [r...@t999999920 ~]# ./tcpdump -i usb0 -n -w /dev/null > tcpdump: listening on usb0, link-type USB_LINUX (USB with Linux > header), capture size 96 bytes
Further to this, the captured file appears to be captured USB traffic (encapsulating ethernet I guess), not ethernet traffic! I have tried passing -y EN10B to the PF_RING tcpdump, but I get: [r...@t999999920 ~]# ./tcpdump -y EN10B -i usb0 -n -w test100MB-load-nosave-PF_ring.pcap tcpdump: invalid data link type EN10B [r...@t999999920 ~]# (Passing -y USB_LINUX works, but I still get captured USB) Can anyone give me some pointers on how I can capture ethernet traffic using the PF_RING version of tcpdump, from a device with interface usb0 please? Thank you, Mitch. _______________________________________________ Ntop mailing list [email protected] http://listgateway.unipi.it/mailman/listinfo/ntop
