Jump to content
  • Hello visitors, welcome to the Hacker World Forum!

    Red Team 1949  (formerly CHT Attack and Defense Team) In this rapidly changing Internet era, we maintain our original intention and create the best community to jointly exchange network technologies. You can obtain hacker attack and defense skills and knowledge in the forum, or you can join our Telegram communication group to discuss and communicate in real time. All kinds of advertisements are prohibited in the forum. Please register as a registered user to check our usage and privacy policy. Thank you for your cooperation.

    TheHackerWorld Official

Recommended Posts

在一台suse linux上使用tcpdump命令抓包,出现“packets dropped by kernel”,一般造成这种丢包的原因是libcap抓到包后,tcpdump上层没有及时取出,导致libcap缓冲区溢出,从而覆盖了未处理包,显示为dropped by kernel,这里的kernel并不是说是被linux内核抛弃的,而是被tcpdump的内核,即libcap抛弃掉。



2. 添加-n参数,禁止反向域名解析
tcpdump -i eth0 dst port 1234 and udp -s 2048 -n -X -tt >a.pack

3. 将数据包输出到cap文件
tcpdump -i eth0 dst port 1234 and udp -s 2048 -n -X -tt -w a.cap

4. 用sysctl修改SO_REVBUF参数,增加libcap缓冲区长度

Link to post
Link to comment
Share on other sites


discussion group

discussion group

    You don't have permission to chat.
    • Recently Browsing   0 members

      • No registered users viewing this page.
    • Create New...