dalmasso cedric wrote:
I use Linux Mandriva 2006 and as I describe in subject with tcpdump
50% of received packet are missing! I provide many test and it's also
the same I capture 1/2 of received packets.
...
923 packets captured
1846 packets received by filter
There's a bug in libpcap 0.9[.x] (and maybe 0.8[.x]) that causes the
count of packets "received by filter" to be twice (or approximately
twice) the number of packets actually received, on systems with newer
kernels (kernels supporting the PACKET_STATISTICS socket option on
PF_PACKET sockets).
So it's not that you're capturing 1/2 of the received packets; it's that
the reported number of received packets is 2/1 the actual number of
received packets.
I've checked in a change that should fix this; if you can get the
current CVS version of libpcap (and tcpdump) and build them together
(unpack both into subdirectories of the same directory, configure and
build libpcap, then configure and build tcpdump, so that tcpdump is
built with the version of libpcap you just built), or get the next
"current" tarball sfrom tcpdump.org (2005-11-25 or later) when it
appears on the Web site and try those, see if that fixes the problem.
-
This is the tcpdump-workers list.
Visit https://lists.sandelman.ca/ to unsubscribe.
