TCDump Missing packets

We use TCPDump on an RPI to capture WiFi signals from nearby devices as a means to get an estimate of number of people.

We have notice the on "normal" days the numbers are reasonably accurate but for a couple of times where we had much larger numbers of people the counted devices are no where close to what should be counted.

I have read a couple of articles saying the default buffer size may be to low for when we see large numbers of devices and will need to be increased. Does thsi sound correct and if so any idea on what size buffer would be a good place to start?

The Raspberry Pi 3B's network bandwidth (wired and wireless) is less than half the bandwidth of the saturated network, so if it gets busy, the pi will drop packets.

As the other answer suggests, you might be better off using another tool to get a machine count. Possible sources would be:

• ARP tables on the pi (maybe -- and this data times out in ~5 minutes)
• dhcp logs (from the router?)
• NAT gateway logs

This sounds like an XY problem. I think you'll get better answers for your question from something like NetFlow, or dumping your NAT tables periodically, instead of trying to slurp everything off the wire.