Hi,
It's not clear to me if you are running tcpdump on the server in question,
which might not be a good idea if its heavily loaded as tcpdump might add extra
load to the machine. You could check with top.
Which OS are you running and what versions of tcpdump/libpcap? What is the
packets/s or
On Nov 24, 2013, at 5:04 PM, Eliezer Croitoru wrote:
> Since I would not like to research tcpdump code I would like to get some help
> about it from others.
>
> So my kernel would declare on packets that was dropped but still the
> connection was OK and was not disrupted in any way I can thin
Hey Guy,
Thanks for the detailed response.
I am running Linux on couple systems: Gentoo, Ubuntu 10.04+newers, CentOS.
On the ubuntu that I am using now:
tcpdump version 4.4.0
libpcap version 1.4.0
On the CentOS it's the exact same version output:
tcpdump version 4.4.0
libpcap version 1.4.0
For
Hey,
Yes in high load it can cause some troubles.
The solution I could think about was a dedicated machine that would
receive all traffic from the replication(HUB-like) port while the
machine Ethernet is on promiscuous mode which will then capture all
traffic from the network.
I do not know
On Nov 25, 2013, at 11:01 AM, Eliezer Croitoru wrote:
> I am running Linux on couple systems: Gentoo, Ubuntu 10.04+newers, CentOS.
What kernel version?
> On the ubuntu that I am using now:
> tcpdump version 4.4.0
> libpcap version 1.4.0
>
> On the CentOS it's the exact same version output:
I
Ho ok.
On 25/11/13 21:28, Guy Harris wrote:
On Nov 25, 2013, at 11:01 AM, Eliezer Croitoru wrote:
>I am running Linux on couple systems: Gentoo, Ubuntu 10.04+newers, CentOS.
What kernel version?
I have one 2.6.32-X in the CentOS.
Ubuntu has 3.2+ kernels(3.2,3.4,3.7..)
Gentoo is another stor
