All Questions
3 questions
1
vote
1
answer
1k
views
tcpdump slowed down by... its own filter?
Do long BPF filters slow down tcpdump?
I replay a packet trace where all the packets have ttl=k and wait for ICMP messages back. What I've been noticing is that if I use the following filter (on eth0)...
- 22.8k
4
votes
1
answer
513
views
localhost icmp packet found in capture file: why?
Here's my tcpdump filter (ip[8] is the IP ttl field and icmp[0]=11 corresponds to time-exceeded ICMP messages):
(ip and ip[8]=2 and src host $myIPAddress) or (icmp and dst host $myIPAddress and icmp[...
- 22.8k
1
vote
1
answer
4k
views
two instances of tcpdump at the same time?
Are there any known problems in running two instances of tcpdump at the same time on the same network interface (with non-conflicting filters)?
I'm experiencing some weird timestamping and I thought ...
- 22.8k