Hello Steinar Haug,
Thanks for your confirmation. I tried other packet generators and tcpdump
worked correctly.
Then I realised in our program, there is PACKET_QDISC_BYPASS enabled. After
disabling it, libpcap could capture outgoing packets also.
Hope that helps others struggling on the issue like us.
Bests,
Hoang,
PhD student, UCLouvain
From: sth...@nethelp.no
Sent: 25 November 2017 12:31
To: Viet Hoang Tran
Cc: tcpdump-workers@lists.tcpdump.org
Subject: Re: [tcpdump-workers] (Question) Is it possible to capture outgoing
raw packets on Linux?
> The connection setup and transfer worked, but when I capture traffic by
> tcpdump, it only shows incoming packets but not outgoing ones (e.g. for TCP,
> it captured SYN/ACK but not SYN and third ACK). I did try to specify the
> interface (-i eth0) instead of "-i any", and did not specify 'tcp' filter,
> but it didn't help.
>
> Then I switched to tshark but the same issue happened so it might be related
> to libpcap. I post the question here since I cannot find the libpcap mailing
> list.
It is certainly not a generic Linux problem. We run
# tcpdump --version
tcpdump version 4.9.0
libpcap version 1.7.4
on Ubuntu 16.04.3 LTS, capturing incoming and outgoing traffic on the
eno1 interface with no problems.
Steinar Haug, Nethelp consulting, sth...@nethelp.no
___
tcpdump-workers mailing list
tcpdump-workers@lists.tcpdump.org
https://lists.sandelman.ca/mailman/listinfo/tcpdump-workers
