[Snort-devel] Tcpdump Packet loss

Storms of Perfection ancient at ...459...
Sun Jun 10 07:58:23 EDT 2001

Have you checked to see if you have any firewall rules installed/active?


At 03:21 AM 6/9/2001, Subba Rao wrote:

>I am running OpenBSD 2.8. The system has Tcpdump version 3.4.0 along with
>libpcap version 0.5
>After running tcpdump for a while on an active network (Linux, OpenBSD and 
>I interrupted and saw the following output at the end,
>         83190 packets received by filter
>         81285 packets dropped by kernel
>Why are the packets being dropped by the kernel? The ethernet adapter is from
>3Com. I was told that OpenBSD NE2000 driver drop packets. The 3Com adapter
>works great. Does this mean that I cannot analyze all the traffic on the
>The final goal is to use Snort on this box. Several people, including
>Martin Roesch, recommend using OpenBSD as the platform for Snort. If packets
>are getting dropped, then I am concerned that Snort may miss some attacks in
>the dropped packets.
>Any information is appreciated.
>Subba Rao
>subba9 at ...243...
>GPG public key ID 27FC9217
>Key fingerprint = 2B4C 498E 1860 5A2B 6570  5852 7527 882A 27FC 9217
>Snort-devel mailing list
>Snort-devel at lists.sourceforge.net

More information about the Snort-devel mailing list