Monitoring packets sent by my machine?

Monitoring packets sent by my machine?

Post by Andrew DAVISO » Thu, 30 Apr 1998 04:00:00

Dear All,

I've been using tcpdump and tcpshow to monitor user
activity leaving my machine (a Linux box running Debian 1.1).

Recently, I wanted to learn how packet monitoring actually
worked, and wrote a simple C program. It opens a SOCK_PACKET socket
and listens to "eth0" in promiscous mode.

The problem is that the program picks up all the packets on the network
*except* the ones leaving my machine. Why?

Locally transmitted packets *can* be picked up -- that's what
tcpdump is doing. So how do I do it?

BTW, I know about libpcap and will start exploring its use
once I've upgraded my version of Linux.

- Andrew


Dept. of Computer Engineering         Fax: +66 74 212 895
Prince of Songkla University          Tel: +66 74 211 030 x2240
Hat Yai, Songkhla 90112, Thailand     Telex: 62168 UNISONG TH


1. SPAK(Send PAcKets)- tools to send arbitrary packets


        That Subject title was posted to comp.os.linux.announce about a month
ago. Unfortunately I lost the url/ftp address of where to grab the
source for
this package. My isp no longer contains the article in its news cache
and I
was unable to locate it from dejanews ( it seems dejanews doesnt store
groups ). Anyhow - does anyone have this , or know where to go for the



2. msdos disk

3. alarm() does not work/ping only sends one packet on SMP machine (2.2.16)

4. Thread-safe booleans

5. How to send packets to another interface on the same machine

6. ANNOUNCE: WWW Page for Security Information

7. Sending Arp reply packets using packet-sockets on linux

8. Digiboard to TI Printer ???

9. How to send IP packet on a selected interface ?

10. Very starnge packet-send pauses..

11. RPC sending evil packet?

12. NS_TAP sockets and reading packets that are sent.

13. sending & detecting zero length TCP packets ... HELP!!!!