Jump to content
  • Hello visitors, welcome to the Hacker World Forum!

    Red Team 1949  (formerly CHT Attack and Defense Team) In this rapidly changing Internet era, we maintain our original intention and create the best community to jointly exchange network technologies. You can obtain hacker attack and defense skills and knowledge in the forum, or you can join our Telegram communication group to discuss and communicate in real time. All kinds of advertisements are prohibited in the forum. Please register as a registered user to check our usage and privacy policy. Thank you for your cooperation.

    TheHackerWorld Official

Recommended Posts

在一台suse linux上使用tcpdump命令抓包,出现“packets dropped by kernel”,一般造成这种丢包的原因是libcap抓到包后,tcpdump上层没有及时取出,导致libcap缓冲区溢出,从而覆盖了未处理包,显示为dropped by kernel,这里的kernel并不是说是被linux内核抛弃的,而是被tcpdump的内核,即libcap抛弃掉。
解决方法:

根据以上分析,可以通过改善tcpdump上层的处理效率来减少丢包率,下面的几步根据需要选用,每一步都能减少一定的丢包率。

1.最小化抓取过滤范围,即通过指定网卡,端口,包流向,包大小减少包数量

2. 添加-n参数,禁止反向域名解析
tcpdump -i eth0 dst port 1234 and udp -s 2048 -n -X -tt >a.pack
大多数情况这样就可以解决
可以通过改善tcpdump上层的处理效率来减少丢包率

3. 将数据包输出到cap文件
tcpdump -i eth0 dst port 1234 and udp -s 2048 -n -X -tt -w a.cap

4. 用sysctl修改SO_REVBUF参数,增加libcap缓冲区长度

Link to post
Link to comment
Share on other sites

 Share

discussion group

discussion group

    You don't have permission to chat.
    • Recently Browsing   0 members

      • No registered users viewing this page.
    ×
    ×
    • Create New...