[tcpdump-workers] dealing with collisions, dropped packets

2004-11-01 Thread Matt Van Mater
Hi all, Recently I've been investigating why tcpdump on my IDS shows quite a few packets as being dropped. I think this is because my traffic to the IDS is fed through a hub where I know there are many collisions (there may be too many packets per second for the little soho 10/100 hub to handle

Re: [tcpdump-workers] dealing with collisions, dropped packets

2004-11-01 Thread Aaron Turner
A few comments: 1) I doubt that collisions are the cause. A collision will actually prevent tcpdump from seeing the packet and reduce the throughput of the network, thus tcpdump should drop fewer packets. 2) You can check the number of collisions on most Unix/Linux boxes using ifconfig. You'll

Re: [tcpdump-workers] dealing with collisions, dropped packets

2004-11-01 Thread Guy Harris
Matt Van Mater wrote: Recently I've been investigating why tcpdump on my IDS shows quite a few packets as being dropped. Probably because it's receiving so many packets that it can't keep up. Drops, as reported by tcpdump, are drops due to the buffer in the packet capture mechanism overflowing d

Re: [tcpdump-workers] dealing with collisions, dropped packets

2004-11-01 Thread sthaug
> Recently I've been investigating why tcpdump on my IDS shows quite a few packets as being dropped. I think this is because my traffic to the IDS is fed through a hub where I know there are many collisions (there may be too many packets per second for the little soho 10/100 hub to handle

Re: [tcpdump-workers] dealing with collisions, dropped packets

2004-11-01 Thread Michael Richardson
"Matt" == Matt Van Mater <[EMAIL PROTECTED]> writes: Matt> Recently I've been investigating why tcpdump on my IDS shows quite a few packets as being dropped. I think this is because my traffic to the IDS is fed through a hub where

Re: [tcpdump-workers] dealing with collisions, dropped packets

2004-11-01 Thread Michael Richardson
"Aaron" == Aaron Turner <[EMAIL PROTECTED]> writes: Aaron> 2) You can check the number of collisions on most Unix/Linux boxes using ifconfig. You'll see a collisions counter which will increment over time. Other errors and stati

Re: [tcpdump-workers] Can I exclude a protocol?

2004-11-01 Thread Guy Harris
On Oct 31, 2004, at 6:15 PM, Pete Wilson wrote: although do you want to exclude TCP or exclude everything but UDP (or exclude everything but port-161 and port-162 UDP traffic)? Well, since you ask :-) Yes, sure. Then that's where the If you want to see all UDP traffic to and from particular hosts

[tcpdump-workers] Question about "promiscuous" mode

2004-11-01 Thread Kathy Chen
Hi, Sorry to bother you. I want to know in what situations the machine's network is set to "promiscuous" mode. For example, I know when I execute "tcpdump" on my machine, it's set to be in promiscuous mode. Any other cases? And is it correct that without "tcpdump", the network is not in promiscu

Re: [tcpdump-workers] Question about "promiscuous" mode

2004-11-01 Thread Sebastien Vincent
Kathy Chen wrote: Hi, Sorry to bother you. I want to know in what situations the machine's network is set to "promiscuous" mode. For example, I know when I execute "tcpdump" on my machine, it's set to be in promiscuous mode. Any other cases? Yes, that's programs that decide to put your NIC

Re: [tcpdump-workers] Question about "promiscuous" mode

2004-11-01 Thread Kathy Chen
Thanks for your reply! xiaofang > > I want to know in what situations the machine's network is set to "promiscuous" mode. For example, I know when I execute "tcpdump" on my machine, it's set to be in promiscuous mode. Any other cases? > Yes, that's programs that decide to

[tcpdump-workers] Question about "pcap_next()"

2004-11-01 Thread Kathy Chen
Hi, all, When I call u_char *packet = pcap_next(handle, &header); I can get the packet length value, but I can't really get the "packet" data (Using printf(..., packet)). Even if I call this "pcap_next()" continuously, the same problem exists. Could any of you point out the reason for me? Fr

Re: [tcpdump-workers] Question about "pcap_next()"

2004-11-01 Thread Sebastien Vincent
We can't help you without source code. Regards, Seb :) Kathy Chen wrote: Hi, all, When I call u_char *packet = pcap_next(handle, &header); I can get the packet length value, but I can't really get the "packet" data (Using printf(..., packet)). Even if I call this "pcap_next()" continuously,

Re: [tcpdump-workers] Question about "promiscuous" mode

2004-11-01 Thread Guy Harris
(Blah blah blah once again I forgot to set the from line yes I know I should set up my sonic address as an alias but if I sent from my mit address replies get to me at work and at home so I can respond from either site blah blah blah.) Kathy Chen wrote: I want to know in what situations the mac

Re: [tcpdump-workers] Question about "promiscuous" mode

2004-11-01 Thread Guy Harris
(Blah blah blah oops I did it again blah blah blah avoid duplicate message detection blah blah blah.) Kathy Chen wrote: I want to know in what situations the machine's network is set to "promiscuous" mode. It's put into promiscuous mode if an application requests that the interface be put into pr

Re: [tcpdump-workers] Question about "pcap_next()"

2004-11-01 Thread Guy Harris
(Blah blah blah another wrong from line blah blah blah avoid the duplicate message detector blah blah blah.) Kathy Chen wrote: When I call u_char *packet = pcap_next(handle, &header); I can get the packet length value, but I can't really get the "packet" data (Using printf(..., packet)). The