Hi.
I'm using tcpdump-3.7.2 to capture ethernet traffic, and I'm wondering why it captures much less packets when I use option -w.
I have done the following test:
I've run "tcpdump -s0" many times for 10 seconds each time, and the average result is to capture about 100 packets.
I've run "tcpdump -s0 -w dumpfile" many times for 10 seconds each time, and the average result is to capture only 70 or 80 packets.
But both tests have been done in the same computer, at the same hour.
Is this behaviour expected?
- This is the tcpdump-workers list. Visit https://lists.sandelman.ca/ to unsubscribe.
