Linux - NetworkingThis forum is for any issue related to networks or networking.
Routing, network cards, OSI, etc. Anything is fair game.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
2182 packets received by filter
1983 packets dropped by kernel
Why is it dropping so many packets? Is there a way I can tell which packets are being dropped? I tried using the -j LOG, but it's still not telling me what packets it's dropping.
iptables -A FORWARD -j LOG <-- that syntax is correct or should I use something else?
I tried finding documentation on --log-level but I haven't been able to find any. I don't know if 0 or 255 is more verbose, I've tried both.
Any help or links would be much appreciated. Thanks in Advance.
tcpdump and iptables are two different entities. tcpdump should be getting what is coming over the wire (before iptables gets a hold of it). The kernel is not able to deliver the packets to tcpdump. How fast is your network vs. your machine? What is the load on the machine?
This should be plenty to route and NAT for 3 machines on my LAN.
Also, I understand tcpdump and iptables are not the same. My question was, why is tcpdump saying it's dropping a buttload of packets? The only reason I had iptables in there at all was that I was trying to log these dropped packets in the hopes it would help me solve the mystery.
TCPDump can't keep up with the network speed, read the machine isn't speedy enough to process all the packets on the wire - RAM is the issue not a the speed of the processor - your sniffer is a layer 2 (data link) packet analizer, for it to be able to process all the packets coming on thewire it needs place to buffer them, and 8 Mb isn't enough so it tries to swap memory using HDD - memory paging concepts - I bet your HDD is from the era of 486 computing which has a huge latency factor - that's why the pockets dropped.
The tcpdump man page explains the message. The kernel has a buffer for packets to be delivered to tcpdump. If tcpdump doesn't respond quickly enough, the kernel will overwrite old packets with new ones. I believe the key would be getting tcpdump to go faster.
What options are you passing to tcpdump? Are you writing to a file? I'm pretty sure tcpdump loses packets when it has to do DNS lookups, no matter what the speed of the machine. I also seem to remember tcpdump not being able to process all the packets when I had a 486 running Linux, but that was years ago.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.
