Re: (Question) Is it possible to capture outgoing raw packets on Linux?

[Viet Hoang Tran <hoang.tran () uclouvain be>]

Hello Steinar Haug,

Thanks for your confirmation. I tried other packet generators and tcpdump worked correctly.
Then I realised in our program, there is PACKET_QDISC_BYPASS enabled. After disabling it, libpcap could capture 
outgoing packets also.

Hope that helps others struggling on the issue like us.

Bests,
Hoang, 
PhD student, UCLouvain
________________________________________
From: sthaug () nethelp no <sthaug () nethelp no>
Sent: 25 November 2017 12:31
To: Viet Hoang Tran
Cc: tcpdump-workers () lists tcpdump org
Subject: Re: [tcpdump-workers] (Question) Is it possible to capture outgoing raw packets on Linux?

> The connection setup and transfer worked, but when I capture traffic by tcpdump, it only shows incoming packets but 
> not outgoing ones (e.g. for TCP, it captured SYN/ACK but not SYN and third ACK). I did try to specify the interface 
> (-i eth0) instead of "-i any", and did not specify 'tcp' filter, but it didn't help.
>
> Then I switched to tshark but the same issue happened so it might be related to libpcap. I post the question here 
> since I cannot find the libpcap mailing list.

It is certainly not a generic Linux problem. We run

# tcpdump --version
tcpdump version 4.9.0
libpcap version 1.7.4

on Ubuntu 16.04.3 LTS, capturing incoming and outgoing traffic on the
eno1 interface with no problems.

Steinar Haug, Nethelp consulting, sthaug () nethelp no
_______________________________________________
tcpdump-workers mailing list
tcpdump-workers () lists tcpdump org
https://lists.sandelman.ca/mailman/listinfo/tcpdump-workers