tcpdump mailing list archives

(Question) Is it possible to capture outgoing raw packets on Linux?


From: Viet Hoang Tran <hoang.tran () uclouvain be>
Date: Sat, 25 Nov 2017 10:57:23 +0000


Hello everyone,

I have a network application on Linux that creates connections by socket(PF_PACKET, SOCK_RAW, htons(ETH_P_ALL)).

The connection setup and transfer worked, but when I capture traffic by tcpdump, it only shows incoming packets but not 
outgoing ones (e.g. for TCP, it captured SYN/ACK but not SYN and third ACK). I did try to specify the interface (-i 
eth0) instead of "-i any", and did not specify 'tcp' filter, but it didn't help.

Then I switched to tshark but the same issue happened so it might be related to libpcap. I post the question here since 
I cannot find the libpcap mailing list.

I don't know if there is anything I missed, or if not, then what could be the solution/workaround for this?

Thank you for your help!

Regards,
Hoang
_______________________________________________
tcpdump-workers mailing list
tcpdump-workers () lists tcpdump org
https://lists.sandelman.ca/mailman/listinfo/tcpdump-workers
