On Nov 25, 2013, at 11:01 AM, Eliezer Croitoru <elie...@ngtech.co.il> wrote:
> I am running Linux on couple systems: Gentoo, Ubuntu 10.04+newers, CentOS. What kernel version? > On the ubuntu that I am using now: > tcpdump version 4.4.0 > libpcap version 1.4.0 > > On the CentOS it's the exact same version output: If you're running on a system with a 3.2 or later kernel, then, if you use libpcap built from the current Git trunk, it can use version 3 of the memory-mapped capture mechanism (TPACKET_V3), which makes more efficient use of the capture mechanism's buffers than do earlier versions of that mechanism (TPACKET_V1 and TPACKET_V2), resulting in fewer packet drops. > So In a case there is not much ram limitation for the machine I would thing > that an option to use more ram for these buffers can be an option. Yes - that's what the -B flag to tcpdump lets you do. (The default is 2MB on Linux.) _______________________________________________ tcpdump-workers mailing list tcpdump-workers@lists.tcpdump.org https://lists.sandelman.ca/mailman/listinfo/tcpdump-workers
