tech-net archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

Reliability issues with BPF

In doing some testing on NetBSD, I'm discovering
that BPF and tcpdump is not 100% reliable when it
comes to capturing packets. What do I mean by that?
When ^C (or SIGINT) is sent to tcpdump, packets
that it ought to have captured simply aren't.

For example, if I start tcpdump in the background
and then run an ipv6 ping generating 2000 byte
packets with a command like "ping6 -nc3 -s2000 fec0::1",
the ping ends successfully but terminating the
tcpdump may show as few as 8 packets rather than
12. 3 packets going in each direction (echo plus
echo reply) makes 6, doubled for fragments gives
12. I can't for the life of me think why this
should be.

Clues anyone?


Home | Main Index | Thread Index | Old Index