Wireshark · Ethereal-dev: Re: [Ethereal-dev] about TCP segment(s) reconstruction and tcpdump

Ethereal-dev: Re: [Ethereal-dev] about TCP segment(s) reconstruction and tcpdump

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: Guy Harris <gharris@xxxxxxxxx>

Date: Tue, 19 Jul 2005 12:45:09 -0700

Srivathsan_Srinivasagopalan wrote:

Does tcpdump occasionally not register a tcp segment (underheavy traffic)?

If by "register" you mean "successfully capture and receive", yes, it'spossible that, if the traffic on the network is heavy enough, tcpdump(or Ethereal, or Tethereal, or Analyzer, or snoop, or, I suspect, mostcommercial network analyzers) could fail to capture and save all packetsthat the user wants.

A capture filter specifying which packets are of interest would helphere, as it would reduce the amount of CPU time and disk bandwidth usedto save the packets to disk. (Note, of course, that you need to haveenough *file system* bandwidth available, if you're saving the trafficto a file in a file system; a file system usually can't use all thedisk's bandwidth, as the file might not be in a single contiguous chunkon the disk, and the file system has its own "overhead" metadata thatgets updated as well.)

References:
- [Ethereal-dev] about TCP segment(s) reconstruction and tcpdump
  - From: Srivathsan_Srinivasagopalan

Prev by Date: [Ethereal-dev] Re: Ethereal-dev Digest, Vol 27, Issue 25
Next by Date: Re: [Ethereal-dev] Is it possible to set color of a particular field of a packet
Previous by thread: [Ethereal-dev] about TCP segment(s) reconstruction and tcpdump
Next by thread: [Ethereal-dev] Vote for removal of some User Guide sections
Index(es):
- Date
- Thread