If tcpdump
is not fast enough to pop out captured packets from the queue, the kernel could drop some of them.
Look at the "XXXX packets dropped by kernel" message at the end of the dump to see if effectively some of them is lost.
Ensure to add the -n
option to the command line. This will avoid DNS resolving and it will speed up a little (depending on your network)