Henry
Reputation: 151
tcpdump to capture error IP Flags packets
I am using:
# tcpdump -i gphy -vv -B 28000 -s 120 -w log.pcap tcp portrange 10032-10001
to capture packets which I sent out from a host, and I notice all the packets with IP flags altered are missing, is there away to capture all packets even if IP flags is not correctly programmed ?
Upvotes: 0
Views: 1295
Answers (1)
gratio
Reputation: 83
This non deterministic behaviour could occur due to multiple potential reasons, such as incorrectly setting the 'Do Not Fragment' bit in IP flags, which may result in the packet being dropped. Perhaps you should ensure that you've correctly set the IP flags field to check whether the packet is being sent. If it is being sent (and not being dropped during transmission), with the given command you should be able to capture all packets (provided they match the filter).
Upvotes: 1
Related Questions
- How to resolve tcpdump dropped packets?
- tcpdump: How do I suppress packet information?
- How to capture TCP/IP fragmentation in tcpdump?
- tcpdump / wireshark capturing problems
- libpcap can't capture IP fragments
- tcpdump : Match exact packet length
- Why doesn't tcpdump catch packet after specifying ip?
- tcpdump of udp packets containing data
- Generate tcpdump with raw ip encap
- Using tcpdump to capture a specific port when UDP message can be fragmented