Jag försöker att fånga tcpdump för trafik till en hamn i en fil men det verkar inte fånga alla paket. Kommando jag använder är:

tcpdump-w tdump.dat port 22

Varför går det inte att ta alla paket?

Här är mitt experiment:
root @ pmode-client6 adc-demo] # tcpdump port 22
tcpdump: lyssna på eth0
00:06:45.290838 sjc-vpn6-65.cisco.com.2654> 172.21.76.96.ssh:. ack 4216814594 win 65415 (DF)
00:06:45.290865 172.21.76.96.ssh> sjc-vpn6-65.cisco.com.2654: P 1:69 (68) ack 0 win 11792 (DF) [tos 0x10]
00:06:45.995979 172.21.76.96.ssh> sjc-vpn6-65.cisco.com.2654: P 1:69 (68) ack 0 win 11792 (DF) [tos 0x10]
00:06:46.394715 sjc-vpn6-65.cisco.com.2654> 172.21.76.96.ssh:. ack 69 win 65347 (DF)
00:06:46.394750 172.21.76.96.ssh> sjc-vpn6-65.cisco.com.2654: P 69:513 (444) ack 0 win 11792 (DF) [tos 0x10]
00:06:46.795739 sjc-vpn6-65.cisco.com.2654> 172.21.76.96.ssh:. ack 513 win 64903 (DF)
00:06:46.795751 172.21.76.96.ssh> sjc-vpn6-65.cisco.com.2654: P 513:809 (296) ack 0 win 11792 (DF) [tos 0x10]
00:06:47.300580 sjc-vpn6-65.cisco.com.2654> 172.21.76.96.ssh:. ack 809 win 64607 (DF)
00:06:47.300590 172.21.76.96.ssh> sjc-vpn6-65.cisco.com.2654: P 809:1105 (296) ack 0 win 11792 (DF) [tos 0x10]
00:06:47.697982 sjc-vpn6-65.cisco.com.2654> 172.21.76.96.ssh:. ack 1105 win 64311 (DF)
00:06:47.697993 172.21.76.96.ssh> sjc-vpn6-65.cisco.com.2654: P 1105:1401 (296) ack 0 win 11792 (DF) [tos 0x10]
00:06:48.106128 sjc-vpn6-65.cisco.com.2654> 172.21.76.96.ssh:. ack 1401 win 65535 (DF)
00:06:48.106137 172.21.76.96.ssh> sjc-vpn6-65.cisco.com.2654: P 1401:1697 (296) ack 0 win 11792 (DF) [tos 0x10]
00:06:48.598476 sjc-vpn6-65.cisco.com.2654> 172.21.76.96.ssh:. ack 1697 win 65239 (DF)
00:06:48.598483 172.21.76.96.ssh> sjc-vpn6-65.cisco.com.2654: P 1697:1993 (296) ack 0 win 11792 (DF) [tos 0x10]
00:06:49.007872 sjc-vpn6-65.cisco.com.2654> 172.21.76.96.ssh:. ack 1993 win 64943 (DF)
00:06:49.007884 172.21.76.96.ssh> sjc-vpn6-65.cisco.com.2654: P 1993:2289 (296) ack 0 win 11792 (DF) [tos 0x10]
00:06:49.512090 sjc-vpn6-65.cisco.com.2654> 172.21.76.96.ssh:. ack 2289 win 64647 (DF)
00:06:49.512100 172.21.76.96.ssh> sjc-vpn6-65.cisco.com.2654: P 2289:2585 (296) ack 0 win 11792 (DF) [tos 0x10]
00:06:49.913489 sjc-vpn6-65.cisco.com.2654> 172.21.76.96.ssh:. ack 2585 win 64351 (DF)
00:06:49.913496 172.21.76.96.ssh> sjc-vpn6-65.cisco.com.2654: P 2585:2881 (296) ack 0 win 11792 (DF) [tos 0x10]
00:06:50.315388 sjc-vpn6-65.cisco.com.2654> 172.21.76.96.ssh:. ack 2881 win 65535 (DF)
00:06:50.315401 172.21.76.96.ssh> sjc-vpn6-65.cisco.com.2654: P 2881:3177 (296) ack 0 win 11792 (DF) [tos 0x10]
00:06:50.813982 sjc-vpn6-65.cisco.com.2654> 172.21.76.96.ssh:. ack 3177 win 65239 (DF)
00:06:50.813989 172.21.76.96.ssh> sjc-vpn6-65.cisco.com.2654: P 3177:3473 (296) ack 0 win 11792 (DF) [tos 0x10]
00:06:51.042979 sjc-vpn6-65.cisco.com.2654> 172.21.76.96.ssh: P 0:88 (88) ack 3177 win 65239 (DF)

26 paket mottagits av filter
0 paket sjönk med kärna

[root @ pmode-client6 adc-demo] # tcpdump-w tdump.dat port 22
tcpdump: lyssna på eth0

6 paket mottagits av filter
0 paket sjönk med kärna
[root @ pmode-client6 adc-demo] # tcpdump-r tdump.dat port 22
00:08:56.741761 172.21.76.96.ssh> sjc-vpn6-65.cisco.com.2654: P 4216835054:4216835106 (52) ack 3917910214 win 11792 (DF) [tos 0x10]
00:08:57.157589 sjc-vpn6-65.cisco.com.2654> 172.21.76.96.ssh:. ack 52 win 65483 (DF)
00:08:57.157610 172.21.76.96.ssh> sjc-vpn6-65.cisco.com.2654: P 52:120 (68) ack 1 win 11792 (DF) [tos 0x10]
00:08:57.562987 sjc-vpn6-65.cisco.com.2654> 172.21.76.96.ssh:. ack 120 win 65415 (DF)
00:09:06.055469 sjc-vpn6-65.cisco.com.2654> 172.21.76.96.ssh: P 1:89 (88) ack 120 win 65415 (DF)

Båda kommandona kördes för 10 sek. Faktum är att jag körde kommandot med-w alternativ för 15 sek men den tagna paket i dumpfilen är bara 6 jämfört med 26 paket utan filen spara alternativ. Någon anledning? Vad jag kan jag göra för att fånga upp alla?

-Satish