It increases the buffer size in the kernel to give tcpdump more time to get
around to processing the packet before it gets overwritten
now that we have tcpdump working well, please ramp up your sending speed to see
how fast you can go before you start loosing packets at the network/os level.
David Lang
On Tue, 1 Oct 2013, Robert wrote:
great what does that do exactly?
[rcortiz@simon ~]$ sudo nice -10 /usr/sbin/tcpdump -i eth2.10 -s 90 -nn port
514 -B 8192 | cut -c 1-8 | uniq -c
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth2.10, link-type EN10MB (Ethernet), capture size 90 bytes
115415 16:57:13
250000 16:57:14
250000 16:57:15
250005 16:57:16
250002 16:57:17
249999 16:57:18
249999 16:57:19
250000 16:57:20
250001 16:57:21
250003 16:57:22
250002 16:57:23
249999 16:57:24
250004 16:57:25
250003 16:57:26
249999 16:57:27
250000 16:57:28
250003 16:57:29
250002 16:57:30
4459189 packets captured
4462243 packets received by filter
0 packets dropped by kernel
_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of
sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE
THAT.
_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of
sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE
THAT.
