506 packets captured
67943 packets received by filter
67347 packets dropped by kernel
为何大量的包被内核丢弃了?
参考 需要添加一个 -n 参数来避免DNS反向解析
sudo tcpdump -n -i eth0
此时,内核丢包就会大幅度减少
33587 packets captured
37943 packets received by filter
4285 packets dropped by kernel
参考 可以增加缓存来减少包丢失
When tcpdump finishes capturing packets, it will report counts of:
packets ‘‘captured’’ (this is the number of packets that tcpdump has received and processed);
packets ‘‘received by filter’’ (the meaning of this depends on the OS on which you’re running tcpdump, and possibly on the way the OS was configured - if a filter was specified on the command line, on some OSes it counts packets
regardless of whether they were matched by the filter expression and, even if they were matched by the filter expression, regardless of whether tcpdump has read and processed them yet, on other OSes it counts only packets that
were matched by the filter expression regardless of whether tcpdump has read and processed them yet, and on other OSes it counts only packets that were matched by the filter expression and were processed by tcpdump);
packets ‘‘dropped by kernel’’ (this is the number of packets that were dropped, due to a lack of buffer space, by the packet capture mechanism in the OS on which tcpdump is running, if the OS reports that information to applica-
tions; if not, it will be reported as 0).