Ethereal-dev: Re: [Ethereal-dev] about TCP segment(s) reconstruction and tcpdump

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

Date Prev · Date Next · Thread Prev · Thread Next
Date Index · Thread Index · Other Months · All Mailing Lists
From: Guy Harris <gharris@xxxxxxxxx>
Date: Tue, 19 Jul 2005 12:45:09 -0700
Srivathsan_Srinivasagopalan wrote:
Does tcpdump occasionally not register a tcp segment (under heavy traffic)?
If by "register" you mean "successfully capture and receive", yes, it's possible that, if the traffic on the network is heavy enough, tcpdump (or Ethereal, or Tethereal, or Analyzer, or snoop, or, I suspect, most commercial network analyzers) could fail to capture and save all packets that the user wants.
A capture filter specifying which packets are of interest would help here, as it would reduce the amount of CPU time and disk bandwidth used to save the packets to disk. (Note, of course, that you need to have enough *file system* bandwidth available, if you're saving the traffic to a file in a file system; a file system usually can't use all the disk's bandwidth, as the file might not be in a single contiguous chunk on the disk, and the file system has its own "overhead" metadata that gets updated as well.)