I had a machine within a Gigabit Ethernet environment and tried to check the network traffic with:
tcpdump -i eth0
The outcome was staggering:
45 packets captured
7509 packets received by filter
7392 packets dropped by kernel
This is quite a high packet loss rate. After some “debugging” I found that tcpdump tries to look up the domain names for all the IP addresses it sees. It is therefore necessary to use the -n option, which disables these lookups:
tcpdump -i eth0 -n
which results in
27105 packets captured
29008 packets received by filter
1893 packets dropped by kernel
This is better, but there is still some packet loss left because tcpdump writes all its output to the terminal. If you use a terminal that renders slowly (like the KDE Konsole), you will see quite a high packet loss. To avoid this, redirect the output to a file using
tcpdump -i eth0 -n > output.txt
which results in
43332 packets captured
43332 packets received by filter
0 packets dropped by kernel
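
The three summaries above can be checked automatically before a capture is trusted. The following script is an added example, not part of the original post: it parses the counters tcpdump prints on exit and fails when the kernel drop rate exceeds a threshold. The function names and the 1 percent default are assumptions of this example.

```shell
#!/bin/sh
# Added example: turn tcpdump's exit summary into a drop rate and a pass/fail.

# Sample summaries, copied from the three runs shown in the post above.
RUN_DEFAULT='45 packets captured
7509 packets received by filter
7392 packets dropped by kernel'
RUN_N='27105 packets captured
29008 packets received by filter
1893 packets dropped by kernel'
RUN_N_FILE='43332 packets captured
43332 packets received by filter
0 packets dropped by kernel'

# drop_rate: read a summary on stdin, print "<received> <dropped> <percent>".
# Exits 2 if either counter line is missing from the input.
drop_rate() {
    LC_ALL=C awk '
        /packets received by filter/ { recv = $1 }
        /packets dropped by kernel/  { drop = $1 }
        END {
            if (recv == "" || drop == "") exit 2
            pct = (recv > 0) ? 100 * drop / recv : 0
            printf "%d %d %.1f\n", recv, drop, pct
        }'
}

# check_capture: exit 0 only if the drop percentage is <= $1.
# The 1 percent default is an assumption of this example, not a tcpdump value.
check_capture() {
    limit=${1:-1}
    result=$(drop_rate) || return 2
    set -- $result
    echo "received=$1 dropped=$2 drop_rate=$3%"
    awk -v p="$3" -v l="$limit" 'BEGIN { exit !(p <= l) }'
}

# Walk through the three runs from the post and flag the lossy ones.
for run in "$RUN_DEFAULT" "$RUN_N" "$RUN_N_FILE"; do
    printf '%s\n' "$run" | check_capture 1 || echo "  -> capture is incomplete"
done
```

tcpdump writes these counters to stderr when it exits, so adding 2> stats.txt to the command keeps them separate from the redirected packet output and they can be piped into check_capture afterwards.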