Lots of packet drop in tcpdump tool

sujeetkumar · January 30, 2025, 9:48am

Actually i am using tcpdump tool to monitor packets in wireless network interface.

When i terminated tcpdump with Ctrl+C after few seconds and got this total summary as output:

# tcpdump -i wlan1 -s 0 -vvv 
...

313 packets captured
17320 packets received by filter
16987 packets dropped by kernel

Why is there such big dropped in number of packets captured by tcpdump?

After searching solution from the google i also tried with adding option -B 32768 with tcpdump in command line but still getting same lots of packet drop.

# tcpdump -i wlan1 -s 0 -vvv -B 32768

So how can i capture all packets at high bandwidth without dropping any packets?

Thanks in advance!

lleachii · January 30, 2025, 10:12am

Take a look at this:

What device are you running?

Please provide the output of:

ubus call system board

_bernd · January 30, 2025, 10:17am

I would also use -nN to not resolve hostnames and services and in addition --immediate-mode. And yes my gut feeling says that maybe the device is to slow or the buffer is to small....

sujeetkumar · January 30, 2025, 10:17am

root@OpenWrt:~# ubus call system board
{
        "kernel": "5.10.138",
        "hostname": "OpenWrt",
        "system": "ARMv7 Processor rev 5 (v7l)",
        "model": "Qualcomm Technologies, Inc. IPQ40xx/AP-DK01.1-C1",
        "board_name": "qcom,ap-dk01.1-c1",
        "rootfs_type": "squashfs",
        "release": {
                "distribution": "OpenWrt",
                "version": "22.03.0",
                "revision": "r19685-512e76967f",
                "target": "ipq40xx/generic",
                "description": "OpenWrt 22.03.0 r19685-512e76967f"
        }
}

i also tried with increasing the buffer size value.

lleachii · January 30, 2025, 10:20am

It appears you are using firmware that is not from the official OpenWrt project.

When using forks/offshoots/vendor-specific builds that are "based on OpenWrt", there may be many differences compared to the official versions (hosted by OpenWrt.org). Some of these customizations may fundamentally change the way that OpenWrt works. You might need help from people with specific/specialized knowledge about the firmware you are using, so it is possible that advice you get here may not be useful.

You may find that the best options are:

Install an official version of OpenWrt, if your device is supported (see https://firmware-selector.openwrt.org).
Ask for help from the maintainer(s) or user community of the specific firmware that you are using.
Provide the source code for the firmware so that users on this forum can understand how your firmware works (OpenWrt forum users are volunteers, so somebody might look at the code if they have time and are interested in your issue).

If you believe that this specific issue is common to generic/official OpenWrt and/or the maintainers of your build have indicated as such, please feel free to clarify.

moeller0 · January 30, 2025, 10:23am

Instead of trying to capture full sized packets, maybe use -s 128 to only store the first 128 byte that should contain most/all headers? That way the same kernel buffer will suffice for more captured packets, which should reduce the number of dropped packets some.

sujeetkumar · January 30, 2025, 10:24am

No...

The firmware I'm using is built from the standard OpenWrite project.

frollic · January 30, 2025, 10:24am

from <> by, can you provide an openwrt.org DL link for the firmware ?

22.03.0 is EOL anyway, you should upgrade to .7.

system · February 9, 2025, 10:25am

This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.