Hello Steinar Haug,

Thanks for your confirmation. I tried other packet generators and tcpdump worked correctly. Then I realised in our program, there is PACKET_QDISC_BYPASS enabled. After disabling it, libpcap could capture outgoing packets also.

Hope that helps others struggling on the issue like us.

Bests,
Hoang, PhD student, UCLouvain

________________________________________
From: sth...@nethelp.no <sth...@nethelp.no>
Sent: 25 November 2017 12:31
To: Viet Hoang Tran
Cc: tcpdump-workers@lists.tcpdump.org
Subject: Re: [tcpdump-workers] (Question) Is it possible to capture outgoing raw packets on Linux?

> The connection setup and transfer worked, but when I capture traffic by
> tcpdump, it only shows incoming packets but not outgoing ones (e.g. for TCP,
> it captured SYN/ACK but not SYN and third ACK). I did try to specify the
> interface (-i eth0) instead of "-i any", and did not specify 'tcp' filter,
> but it didn't help.
>
> Then I switched to tshark but the same issue happened so it might be related
> to libpcap. I post the question here since I cannot find the libpcap mailing
> list.

It is certainly not a generic Linux problem. We run

# tcpdump --version
tcpdump version 4.9.0
libpcap version 1.7.4

on Ubuntu 16.04.3 LTS, capturing incoming and outgoing traffic on the eno1 interface with no problems.

Steinar Haug, Nethelp consulting, sth...@nethelp.no
_______________________________________________
tcpdump-workers mailing list
tcpdump-workers@lists.tcpdump.org
https://lists.sandelman.ca/mailman/listinfo/tcpdump-workers