tcpdump and iptables are two different entities. tcpdump should be getting what is coming over the wire (before iptables gets a hold of it). The kernel is not able to deliver the packets to tcpdump. How fast is your network vs. your machine? What is the load on the machine?
This should be plenty to route and NAT for 3 machines on my LAN.
Also, I understand tcpdump and iptables are not the same. My question was, why is tcpdump saying it's dropping a buttload of packets? The only reason I had iptables in there at all was that I was trying to log these dropped packets in the hopes it would help me solve the mystery.
TCPDump can't keep up with the network speed, read: the machine isn't speedy enough to process all the packets on the wire - RAM is the issue, not the speed of the processor - your sniffer is a layer 2 (data link) packet analyzer, for it to be able to process all the packets coming on the wire it needs place to buffer them, and 8 Mb isn't enough so it tries to swap memory using HDD - memory paging concepts - I bet your HDD is from the era of 486 computing which has a huge latency factor - that's why the packets dropped.
The tcpdump man page explains the message. The kernel has a buffer for packets to be delivered to tcpdump. If tcpdump doesn't respond quickly enough, the kernel will overwrite old packets with new ones. I believe the key would be getting tcpdump to go faster.
What options are you passing to tcpdump? Are you writing to a file? I'm pretty sure tcpdump loses packets when it has to do DNS lookups, no matter what the speed of the machine. I also seem to remember tcpdump not being able to process all the packets when I had a 486 running Linux, but that was years ago.
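To test the suggestions above, compare the kernel drop rate of two captures, one with name resolution and one with `-n`. The following is an added example, not part of the thread: it parses the summary tcpdump prints on exit. The sample summaries are constructed, the function names are hypothetical, and the ratio assumes the Linux behaviour where "received by filter" includes the dropped packets.

```shell
#!/bin/sh
# Constructed samples of the summary tcpdump prints on exit (not from the thread):
# one run with name resolution enabled, one run with -n (no DNS lookups).
STATS_DNS='1200 packets captured
5000 packets received by filter
3800 packets dropped by kernel'
STATS_N='4950 packets captured
5000 packets received by filter
50 packets dropped by kernel'

# drop_percent: read a tcpdump summary on stdin and print the integer
# percentage of "received by filter" packets that were "dropped by kernel".
# Returns non-zero if either line is missing or nothing was received.
drop_percent() {
    awk '
        /packets received by filter/ { recv = $1; have_recv = 1 }
        /packets dropped by kernel/  { drop = $1; have_drop = 1 }
        END {
            if (!have_recv || !have_drop || recv == 0) exit 1
            printf "%d\n", (drop * 100) / recv
        }'
}

# compare_runs BEFORE AFTER: print the drop rate of two summaries side by
# side, so the effect of a single option change (here -n) is visible.
compare_runs() {
    before=$(printf '%s\n' "$1" | drop_percent) || return 1
    after=$(printf '%s\n' "$2" | drop_percent) || return 1
    echo "${before}% -> ${after}%"
}

compare_runs "$STATS_DNS" "$STATS_N"
```

tcpdump writes this summary to stderr, so redirect stderr to a file during a real capture and feed that file to `drop_percent`.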