How does tcpdump capture packets?

Updated 2021-04-21T14:19:49+00:00

Issue

  • How does tcpdump capture packets?
  • Where does libpcap get the packets?
  • How do offloading features affect pcap trace?
  • Which side of the iptables firewall are packets captured?

Environment

  • Red Hat Enterprise Linux
  • tcpdump, Wireshark, tshark, or other libpcap-based network packet capture method

Subscriber content preview. For full access to the Red Hat Knowledgebase, please log in.

Not a subscriber? Learn more about the benefits of Red Hat Subscriptions.