As you pointed out, there is nothing in the documentation about the "packets dropped by interface" counter. So we need some source code digging.
From the source code of tcpdump, the interface drop counter is extracted from stats.ps_ifdrop
:
if (stats.ps_ifdrop != 0) {
if (!verbose)
fputs(", ", stderr);
else
putc('\n', stderr);
(void)fprintf(stderr, "%u packet%s dropped by interface\n",
stats.ps_ifdrop, PLURAL_SUFFIX(stats.ps_ifdrop));
From man pcap_stats:
ps_ifdrop
number of packets dropped by the network interface or its driver.
And from the libpcap source code:
* "ps_ifdrop" is supported. It will return the number
* of drops the interface reports in /proc/net/dev,
* if that is available.
So the tcpdump "packets dropped by interface" counter corresponds to the packets logged as dropped in /proc/net/dev
during the tcpdump
capture.
The meaning of the /proc/dev/net
fields are explained here
To get a better understanding of the drops, I would start by looking at the following statistics:
ethtool -S <interface>
grep '' /sys/class/net/<interface>/statistics/*
I would use
sudo tcpdump -i eth0 -s 0 -w tcpdump.pcap host hostA and udp
to up the length to "a lot", write the data to a file and use host
rather than src
to capture the data in both directions. Essentially you are missing the word and
between src
and udp
.
Best Answer
https://facebook.com redirects to https://www.facebook.com which has a different IP Address than facebook.com. There is also ssl.facebook.com but I am not sure what it is used for:
For java.com on the other hand the entries are the same for both www.java.com and java.com: