[Yeti DNS Discuss] dnscap losing packets?

Stephane Bortzmeyer bortzmeyer at nic.fr
Wed Jun 17 12:29:33 UTC 2015


On Thu, Jun 11, 2015 at 09:27:31PM +0200,
 Stephane Bortzmeyer <bortzmeyer at nic.fr> wrote 
 a message of 41 lines which said:

> On my root name server, I observe that the pcaps we upload contain
> only a part of the packets we handle, mostly answers.
> 
> Running dnscap by hand, I indeed see a disturbing phenomenon. While
> tcpdump is happy and sees both queries and answers:
...
> dnscap sees only some, mostly the answers:

I tried with pcapdump <https://packages.debian.org/sid/pcaputils> and
everything was fine, all the traffic is captured. Which leads me to:

* assume that my kernel is OK and the problem is in dnscap
* as soon as I have five minutes, I rewrite capture-dnscap.sh as
  capture-pcapdump.sh


