What buffer size is needed so that packets are not dropped?

[kerogaz]

tcpdump -B 4096    -i igb3 | grep 10.44.1.170
tcpdump: verbose output suppressed, use -v[v]... for full protocol decode
listening on igb3, link-type EN10MB (Ethernet), snapshot length 262144 bytes
^C16 packets captured
71555 packets received by filter
69661 packets dropped by kernel

 

[SirDice]

Do the filtering with tcpdump(1) not grep. You can actually pass a BPF filter, so it'll only capture packets you're interested in.
tcpdump -i igb3 host 10.44.1.170

 

[kerogaz]

Thanks. Now its all right

tcpdump -i igb3 host  10.44.1.170
tcpdump: verbose output suppressed, use -v[v]... for full protocol decode
listening on igb3, link-type EN10MB (Ethernet), snapshot length 262144 bytes
13:23:19.471527 IP 183.197.190.73.21504 > 10.44.1.170.10824: UDP, length 285
13:23:19.474934 IP 50-130-179-143.ftth.glasoperator.nl.6518 > 10.44.1.170.10824: UDP, length 20
13:23:19.475084 IP 10.44.1.170.10824 > 50-130-179-143.ftth.glasoperator.nl.6518: UDP, length 62
13:23:19.503202 IP static.122.181.69.159.clients.your-server.de.6881 > 10.44.1.170.10824: UDP, length 287
13:23:19.526274 IP 10.44.1.170.10824 > ppp079167209141.access.hol.gr.41963: UDP, length 1438
^C13:23:19.526396 IP 10.44.1.170.10824 > 102.210.87.236.43298: UDP, length 1438

6 packets captured
55846 packets received by filter
0 packets dropped by kernel

 

[QuesoGrande]

Thanks for a bit of clarification of tcpdump filtering ... I was just contemplating this, but Sir Dice's reply saves me a lot of time!!