This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Reported network utilization with and without tcpdump running on bridge

I've noticed a pronounced increase in the reported network/bandwidth utilization on 9.00.4-33 when tcpdump is running on a bridged interface and an apparent under-reporting of network/bandwidth utilization when tcpdump is not running.

When tcpdump is not running the dashboard utilization is low ~1kbps. When tcpdump is running it jumps to a more expected ~956Mbps. The same difference appears in the network usage reporting.

tcpdump command: "tcpdump -i br0 -n > /dev/null"

The test enviroment:
The UTM software is configured with 2 interfaces bridged and rules passing all (any ips, any ports, any ips).

Two client systems on the same subnet (192.168.16.0/24). Web server running on one with curl repeatedly downloading a 1G file from the other.

This thread was automatically locked due to age.

0 BarryG over 12 years ago

FWIW, tcpdump will put the interfaces in promiscous mode (although tcpdump has an option to not do that).

There may be an issue with the network monitor for bridged mode.

Barry
Cancel
Vote Up 0 Vote Down

Cancel
0 hopkins.103 over 12 years ago

I've upgraded to 9.005-16 and am no longer seeing the higher traffic report when running tcpdump on the production system. I have yet to check this particular test system.
Cancel
Vote Up 0 Vote Down

Cancel
0 hopkins.103 over 12 years ago in reply to hopkins.103

I was wrong, traffic reporting appears to still work poorly on a bridged interface.
Cancel
Vote Up 0 Vote Down

Cancel