On Sep 8, 2008, at 6:27 AM, lei wei wrote:
By "unacceptable", I mean the number of packets that tcpdump
processed was
only a fraction
of that of it received. I assume that "Number of Packets received by
filter"
are the packets were
matched by the filter expression,
No.
On systems with B
Hi,
By "unacceptable", I mean the number of packets that tcpdump processed was
only a fraction
of that of it received. I assume that "Number of Packets received by filter"
are the packets were
matched by the filter expression, so with a filter, tcpdump can only process
3984 out of 1091656
ip packe
> I'm currently doing packet capturing on a FreeBSD 7.0 system. I was actually
> running my own pcap based
> program but found the performance was very bad when I added a simple filter
> as "ip". So I tested tcpdump
> on the same machine. It turned out that the performance of tcpdump without a
> f
