We're now a non-profit! Support open source packet analysis by making a donation.

Wireshark-dev: Re: [Wireshark-dev] How to push packets into libpcap (Linux) ?

From: Jaap Keuter <[email protected]>
Date: Fri, 19 Feb 2010 20:54:59 +0100
On Thu, 18 Feb 2010 17:12:31 +0200, Ori Finkelman <[email protected]>
> Hi,
> My Linux kernel module can sometimes drop packets on their way out (at
> the IP layer).
> However, I would like to be able to catch these packets in wireshark
> even though I am dropping them.
> Is there any way I can push an sk_buff directly into libpcap so I will
> get it into wireshark ?
> Thanks,
> Ori


Maybe ulogd from netfilter can help you here.
See: http://netfilter.org/projects/ulogd/index.html