tcpdump mailing list archives

dropping of packets


From: Celia Clark <cclark () ics mq edu au>
Date: Thu, 29 May 2003 20:53:40 +1000

Hi

I am writing my thesis on intrusion detection systems, and among other tools, I am using
tcpdump to analyse traffic on the target host in the test network.
I am trying to send spurious packets so that the target host will discard these kinds of packets. I have seen that
tcpdump will, at the end of a trace, give the number of packets that have been dropped by the kernel, but this does not
seem to have any relation to packets being discarded because of their malicious nature.
I am running Red Hat, and I would like to know which process in the OS takes care of discarding. If TCPdump is
interacting with the protocol stack via the application layer, should it not be the case that TCPdump should not be
able to sniff malicious datagrams, as they should have been discarded by the network layer already?
I hope someone out there knows the answer to this and is willing to help me.

Thanks, 

Celia Clark
