https://bugzilla.novell.com/show_bug.cgi?id=473297 Summary: Does not reliably capture packets using tcpdump due to libpcap Classification: openSUSE Product: openSUSE 11.1 Version: Final Platform: x86-64 OS/Version: openSUSE 11.1 Status: NEW Severity: Major Priority: P5 - None Component: Network AssignedTo: bnc-team-screening@forge.provo.novell.com ReportedBy: gooris@alcatel-lucent.com QAContact: qa@suse.de Found By: --- User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.12) Gecko/20080201 Firefox/2.0.0.12 With the Suse 11.1 distribution, use tcpdump to capture packets for example on the local interface. Good chance that you are missing most of the packets. Reproducible: Always Steps to Reproduce: In one window run : # iperf -s -i 1 -u In a second window run : # tcpdump -i lo -w /tmp/mytrace.eth In a third window run : # iperf -c localhost -u -i 1 -b 1000k -t 100 After 100 seconds, iperf -c sent 8505 packets (udp) Now stop the tcpdump, and it will report the number of packets. Consider to use wireshark to further read the captured data file. This should be 8507 packets (two more that 8505 due to iperf reporting) Note that extra packets may be captured, so some filtering with tcpdump parameters may be needed to only see the iperf packets. Instead of this procedure, you can run ping for a few minutes, and draw the same conclusion. Actual Results: The captured file does not contain all the packets, while the communication path itself does not show any packet loss. Therefore the conclusion is that the capturing method seems to be unreliable. This test has been accomplished on a x86_64 pc. A former Suse release 10, does not show these problems. Expected Results: All the packets should have been captured. To solve this issue, you need to rebuild tcpdump and wireshark using libpcap-1.0.0 or higher. The Suse 11.1 distributed version of libpcap is 0.9.8. ( you can check that with `rpm -qa | grep libpcap`. Download libpcap-1.0.0, configure, make, make install, and rebuild tcpdump etc.. Retest the above procedure. By the way, libpcap-1.0.0 does not include the missing 'any' interface. Refer to Novell ticket 463182 for this.. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.