I am trying to capture tcpdump for traffic to a port in a file but this does not seem to capture all the packets. Command I use is :

tcpdump -w tdump.dat port 22

Why is it not capturing all the packets ?

Here is my experiment:
root@pmode-client6 adc-demo]# tcpdump port 22
tcpdump: listening on eth0
00:06:45.290838 sjc-vpn6-65.cisco.com.2654 > 172.21.76.96.ssh: . ack 4216814594 win 65415 (DF)
00:06:45.290865 172.21.76.96.ssh > sjc-vpn6-65.cisco.com.2654: P 1:69(68) ack 0 win 11792 (DF) [tos 0x10]
00:06:45.995979 172.21.76.96.ssh > sjc-vpn6-65.cisco.com.2654: P 1:69(68) ack 0 win 11792 (DF) [tos 0x10]
00:06:46.394715 sjc-vpn6-65.cisco.com.2654 > 172.21.76.96.ssh: . ack 69 win 65347 (DF)
00:06:46.394750 172.21.76.96.ssh > sjc-vpn6-65.cisco.com.2654: P 69:513(444) ack 0 win 11792 (DF) [tos 0x10]
00:06:46.795739 sjc-vpn6-65.cisco.com.2654 > 172.21.76.96.ssh: . ack 513 win 64903 (DF)
00:06:46.795751 172.21.76.96.ssh > sjc-vpn6-65.cisco.com.2654: P 513:809(296) ack 0 win 11792 (DF) [tos 0x10]
00:06:47.300580 sjc-vpn6-65.cisco.com.2654 > 172.21.76.96.ssh: . ack 809 win 64607 (DF)
00:06:47.300590 172.21.76.96.ssh > sjc-vpn6-65.cisco.com.2654: P 809:1105(296) ack 0 win 11792 (DF) [tos 0x10]
00:06:47.697982 sjc-vpn6-65.cisco.com.2654 > 172.21.76.96.ssh: . ack 1105 win 64311 (DF)
00:06:47.697993 172.21.76.96.ssh > sjc-vpn6-65.cisco.com.2654: P 1105:1401(296) ack 0 win 11792 (DF) [tos 0x10]
00:06:48.106128 sjc-vpn6-65.cisco.com.2654 > 172.21.76.96.ssh: . ack 1401 win 65535 (DF)
00:06:48.106137 172.21.76.96.ssh > sjc-vpn6-65.cisco.com.2654: P 1401:1697(296) ack 0 win 11792 (DF) [tos 0x10]
00:06:48.598476 sjc-vpn6-65.cisco.com.2654 > 172.21.76.96.ssh: . ack 1697 win 65239 (DF)
00:06:48.598483 172.21.76.96.ssh > sjc-vpn6-65.cisco.com.2654: P 1697:1993(296) ack 0 win 11792 (DF) [tos 0x10]
00:06:49.007872 sjc-vpn6-65.cisco.com.2654 > 172.21.76.96.ssh: . ack 1993 win 64943 (DF)
00:06:49.007884 172.21.76.96.ssh > sjc-vpn6-65.cisco.com.2654: P 1993:2289(296) ack 0 win 11792 (DF) [tos 0x10]
00:06:49.512090 sjc-vpn6-65.cisco.com.2654 > 172.21.76.96.ssh: . ack 2289 win 64647 (DF)
00:06:49.512100 172.21.76.96.ssh > sjc-vpn6-65.cisco.com.2654: P 2289:2585(296) ack 0 win 11792 (DF) [tos 0x10]
00:06:49.913489 sjc-vpn6-65.cisco.com.2654 > 172.21.76.96.ssh: . ack 2585 win 64351 (DF)
00:06:49.913496 172.21.76.96.ssh > sjc-vpn6-65.cisco.com.2654: P 2585:2881(296) ack 0 win 11792 (DF) [tos 0x10]
00:06:50.315388 sjc-vpn6-65.cisco.com.2654 > 172.21.76.96.ssh: . ack 2881 win 65535 (DF)
00:06:50.315401 172.21.76.96.ssh > sjc-vpn6-65.cisco.com.2654: P 2881:3177(296) ack 0 win 11792 (DF) [tos 0x10]
00:06:50.813982 sjc-vpn6-65.cisco.com.2654 > 172.21.76.96.ssh: . ack 3177 win 65239 (DF)
00:06:50.813989 172.21.76.96.ssh > sjc-vpn6-65.cisco.com.2654: P 3177:3473(296) ack 0 win 11792 (DF) [tos 0x10]
00:06:51.042979 sjc-vpn6-65.cisco.com.2654 > 172.21.76.96.ssh: P 0:88(88) ack 3177 win 65239 (DF)

26 packets received by filter
0 packets dropped by kernel

[root@pmode-client6 adc-demo]# tcpdump -w tdump.dat port 22
tcpdump: listening on eth0

6 packets received by filter
0 packets dropped by kernel
[root@pmode-client6 adc-demo]# tcpdump -r tdump.dat port 22
00:08:56.741761 172.21.76.96.ssh > sjc-vpn6-65.cisco.com.2654: P 4216835054:4216835106(52) ack 3917910214 win 11792 (DF) [tos 0x10]
00:08:57.157589 sjc-vpn6-65.cisco.com.2654 > 172.21.76.96.ssh: . ack 52 win 65483 (DF)
00:08:57.157610 172.21.76.96.ssh > sjc-vpn6-65.cisco.com.2654: P 52:120(68) ack 1 win 11792 (DF) [tos 0x10]
00:08:57.562987 sjc-vpn6-65.cisco.com.2654 > 172.21.76.96.ssh: . ack 120 win 65415 (DF)
00:09:06.055469 sjc-vpn6-65.cisco.com.2654 > 172.21.76.96.ssh: P 1:89(88) ack 120 win 65415 (DF)

Both the commands were run for 10 secs. In fact I ran the command with -w option for 15 secs but still the captured packets in the dump are are just 6 compared to 26 packets without the file save option. Any reason ? What I can I do to capture all ?

-Satish