Public bug reported: The issue always occurs on our Ubuntu 16.04 LTS Server, with following installed versions:
@client1:~$ uname -a Linux client1 4.4.0-146-generic #172-Ubuntu SMP Wed Apr 3 09:00:08 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux @client1:$ lsb_release -ci Distributor ID: Ubuntu Codename: xenial @client1:$ cat /proc/version_signature Ubuntu 4.4.0-146.172-generic 4.4.177 @client1:~$ tcpdump --version tcpdump version 4.9.2 libpcap version 1.7.4 OpenSSL 1.0.2g 1 Mar 2016 Problem description: The problem is that not all outbound packets (ARP requests) really sent by the Ubuntu server into the line are captured by tcpdump. Four ARP requests are sent by the Ubuntu server very quickly, in terms of microseconds. Four ARP replies come back from the remote network component, and these 4 replies are captured and seen in the tcpdump pcap capture file (OK). However, 3 of 4 ARP requests sent from Ubuntu server are not captured by tcpdump in the pcap file. It's a problem. The problem is always reproducible: 4 ARP replies from the remote network component (a router, non Ubuntu) on 4 ARP requests from our Ubuntu server, but only one outbound ARP request of four sent ARP requests can be seen in tcpdump trace, not other 3 ARP requests sent from the eth2 interface by the Ubuntu server. A tcpdump capture is done on the Ubuntu server as follows: @client1:~$ sudo sudo /usr/sbin/tcpdump -s 1600 -i eth2 -w /home/sectool/traces/run1.pcap -C 420 tcpdump: listening on eth2, link-type EN10MB (Ethernet), capture size 1600 bytes ^C413 packets captured 413 packets received by filter 0 packets dropped by kernel 137 packets dropped by interface @client1:~$ sudo /usr/sbin/tcpdump -s 1600 -i eth2 -w /home/sectool/traces/run2.pcap -C 420 tcpdump: listening on eth2, link-type EN10MB (Ethernet), capture size 1600 bytes ^C161 packets captured 162 packets received by filter 0 packets dropped by kernel 53 packets dropped by interface We need an evidence in form of e.g. a tcpdump error message that the 3 of 4 outbound ARP requests from Ubuntu server, which are missing in tcpdump pcap trace, were really sent into the line but simply could not be captured on any reason by tcpdump. ** Affects: tcpdump (Ubuntu) Importance: Undecided Status: New ** Attachment added: "tcpdump pcap traces" https://bugs.launchpad.net/bugs/1828392/+attachment/5262670/+files/09-May-2019_tcpdump-traces.zip -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1828392 Title: Oubound packets sent into the line are not all captured by tcpdump To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/tcpdump/+bug/1828392/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs