Dear All,
I've been using tcpdump and tcpshow to monitor user
activity leaving my machine (a Linux box running Debian 1.1).
Recently, I wanted to learn how packet monitoring actually
worked, and wrote a simple C program. It opens a SOCK_PACKET socket
and listens to "eth0" in promiscuous mode.
The problem is that the program picks up all the packets on the network
*except* the ones leaving my machine. Why?
Locally transmitted packets *can* be picked up -- that's what
tcpdump is doing. So how do I do it?
BTW, I know about libpcap and will start exploring its use
once I've upgraded my version of Linux.
- Andrew
----------------------------------------------------------------
Dept. of Computer Engineering Fax: +66 74 212 895
Prince of Songkla University Tel: +66 74 211 030 x2240
Hat Yai, Songkhla 90112, Thailand Telex: 62168 UNISONG TH
Web: http://fivedots.coe.psu.ac.th/~ad