(new related group 1)


Voriges Thema

Nächstes Thema


Tcpdump will help you debug network issues by capturing packets from up to 4 individual network interfaces.

Network capture files grow extraordinarily fast.

  • You can use compression to reduce capture file size, but it may impact system performance.
  • As soon as you know what you are looking for you can use tcpdump filter expressions to reduce capture file size.

Using the Netlog facility, it is possible to copy capture files to a subdirectory, triggered by an error in another log, so the captures before and after the error will be preserved for your analysis.

You can use Wireshark on an external system for analyzing capture files.

Find out more about Tcpdump from its homepage.


IGEL Setup > Registry


> Resolve addresses/ports to names


enabled / disabled




IGEL Setup > Registry


> Compression Method


lzop, gzip, bzip2, xz


The compression method affects file size as well as system performance while compressing. The default lzop methiod is relatively light on the CPU.


IGEL Setup > Registry


> Interface for tcpdump logging


user editable string / eth0




IGEL Setup > Registry


> Number of Rotate Files


3 ... 10


Number of files to be kept while rotating.


IGEL Setup > Registry


> Only Log Package Headers


enabled / disabled




IGEL Setup > Registry


> Enable promisc tcpdump logging


enabled / disabled


Enable promiscuous mode on the network interface to also capture packets not intended for this host.


IGEL Setup > Registry


> Logfile rotate size in MiB


10, 15 ,20 ,25 ,30 , 40


Rotate when the size of the uncompressed file reaches this size in MiB.


IGEL Setup > Registry


> Logfile rotate time in s


0 / user editable integer


Time in seconds after which the logfile is rotated and compressed. If set to 0 no time-based rotation happens.


IGEL Setup > Registry


> Additional Parameters for tcpdump


user editable string


Use with care.


IGEL Setup > Registry


> Enable tcpdump


enabled / disabled




IGEL Setup > Registry


> tcpdump filter expression


user editable string


Tcpdump filter expression. For the expression syntax, see the pcap-filter(7) manpage.