dwdump

NAME

dwdump - dump kernel dropped packets to a file

SYNOPSIS

dwdump [ OPTIONS ]

OPTIONS

-w, --write FILE

Dump packets to provided file in pcap format. Defaults to standard output.

-t, --trunc LENGTH

Ask the kernel to truncate packets to provided length. Defaults to no truncation.

-q, --query

Query the kernel for current configuration and exit.

-l, --limit LIMIT

Ask the kernel to set the per-CPU packet queue limit to provided limit. Defaults to 1,000 packets.

-p, --passive

Only listen on notified packets with no configuration. This is useful if the kernel is already monitoring dropped packets and you only want to open another listening socket.

-s, --stats

Query the kernel for statistics and exit.

-b, --bufsize SIZE

Set the socket’s receive buffer to provided size. Defaults to 1MB.

-o, --origin { sw | hw }

Ask the kernel to only monitor software or hardware originated drops. Defaults to both. See devlink-trap(8) for details on how to get hardware originated drops to the kernel.

-e, --exit

Ask the kernel to stop monitoring and exit.

EXAMPLES

dwdump -w drops.pcap

Dump dropped packets to a file.

dwdump | tshark -V -r -

Pipe dropped packets to Wireshark.

dwdump -o sw -w drops.pcap

Only monitor software originated drops.

dwdump -q

Query current configuration from the kernel and exit.

SEE ALSO

dropwatch(1), devlink-trap(8), tshark(1),