Your company here — click to reach over 10,000 unique daily visitors

dwdump - Man Page

dump kernel dropped packets to a file


dwdump [ Options ]


-w,  --write FILE

Dump packets to provided file in pcap format. Defaults to standard output.

-t,  --trunc LENGTH

Ask the kernel to truncate packets to provided length. Defaults to no truncation.

-q,  --query

Query the kernel for current configuration and exit.

-l,  --limit LIMIT

Ask the kernel to set the per-CPU packet queue limit to provided limit. Defaults to 1,000 packets.

-p,  --passive

Only listen on notified packets with no configuration. This is useful if the kernel is already monitoring dropped packets and you only want to open another listening socket.

-s,  --stats

Query the kernel for statistics and exit.

-b,  --bufsize SIZE

Set the socket's receive buffer to provided size. Defaults to 1MB.

-o,  --origin { sw | hw }

Ask the kernel to only monitor software or hardware originated drops. Defaults to both. See devlink-trap(8) for details on how to get hardware originated drops to the kernel.

-e,  --exit

Ask the kernel to stop monitoring and exit.


dwdump -w drops.pcap

Dump dropped packets to a file.

dwdump | tshark -V -r -

Pipe dropped packets to Wireshark.

dwdump -o sw -w drops.pcap

Only monitor software originated drops.

dwdump -q

Query current configuration from the kernel and exit.

See Also

dropwatch(1), devlink-trap(8), tshark(1),


Jan 2020 Ido Schimmel