tcpdump:snaplen设置为0但仍然得到“捕获期间数据包大小受限”?

Modified on: Fri, 08 Nov 2019 19:40:03 +0800

由于这个问题,我要在MySQL服务器后端嗅探一些数据包,看看会发生什么:

# tcpdump -vv -s0 -c 100 -i bond0 tcp port 3306 and host 192.168.3.87 -w /home/quanta/3.87_aborted.pcap

如您所见,我将snaplen设置为0,但仍然收到消息“捕获期间数据包大小受限”

MySQL Protocol
    Packet Length: 579
    Packet Number: 96
    text: 336
    text: 1004352
    text: 147619
    text: 336
[Packet size limited during capture: MySQL truncated]

我的界面上的卸载设置:

# ethtool -k bond0
Offload parameters for bond0:
Cannot get device rx csum settings: Operation not supported
rx-checksumming: off
tx-checksumming: on
scatter-gather: on
tcp segmentation offload: on
udp fragmentation offload: off
generic segmentation offload: off
generic-receive-offload: off


/proc/net/bonding/bond0 强>:

Ethernet Channel Bonding Driver: v3.4.0-1 (October 7, 2008)

Bonding Mode: adaptive load balancing
Primary Slave: None
Currently Active Slave: eth1
MII Status: up
MII Polling Interval (ms): 100
Up Delay (ms): 0
Down Delay (ms): 0

Slave Interface: eth1
MII Status: up
Speed: 1000 Mbps
Duplex: full
Link Failure Count: 0
Permanent HW addr: 00:30:48:c3:20:be


回复@HeatfanJohn:

# ethtool -k eth1
Offload parameters for eth1:
Cannot get device udp large send offload settings: Operation not supported
rx-checksumming: on
tx-checksumming: on
scatter-gather: on
tcp segmentation offload: on
udp fragmentation offload: off
generic segmentation offload: off
generic-receive-offload: on


回复@Doon:

bond0     UP BROADCAST RUNNING MASTER MULTICAST  MTU:1500  Metric:1

使用-s 1500进行嗅探也会显示:

 41  11.371783  192.168.6.7 -> 192.168.3.87 MySQL Response OK
 42  11.371974 192.168.3.87 -> 192.168.6.7  MySQL Request Ping
 43  11.371996  192.168.6.7 -> 192.168.3.87 MySQL Response OK
 44  11.378562 192.168.3.87 -> 192.168.6.7  MySQL Request Query
 45  11.379604  192.168.6.7 -> 192.168.3.87 MySQL Response
 46  11.402431 192.168.3.87 -> 192.168.6.7  MySQL Request Query
 47  11.402992  192.168.6.7 -> 192.168.3.87 MySQL Response[Packet size limited during capture]
作者:Community,quanta

最佳答案

这里是答案形式,正确的措辞:)我会尝试这个禁用分段卸载。启用它后,tcpdump很可能无法获得预期的结果。

- 亚光

作者:mcauth

相关问答

添加新评论