I'm analizing the logs on specific interface and wondering why this command during small load-test:
tcpdump -i enp21s0f0 -s0 -w /tmp/dump2.cap`
catched only 75 MB, when
ethtool -S enp21s0f0 / ifconfig enp21s0f0
showed about 80 MB of data(I compared rx_bytes&tx_bytes before and after the test to get this value).
After that I did the same test for one ARP packet(for several times) and tcpdump catched 64 bytes, but ethtool showed 68 bytes. So, what contains in these 4 bytes and is it possible to catch these bytes? Or, at least, to prognize them?