5

When an outgoing packet is captured by tcpdump, is it 100% certain to be sent out and not dropped by the kernel? Does tcpdump intercept the packet on the delivery path before or after the kernel does any/all of its filtering work?

My question comes from a case I encountered: I set the socket timeout to a short time, and the TCP handshake timed out right at the first SYN. Running tcpdump on both the sender and receiver sides, the only result I found was that the sender side generated one SYN. The receiver-side tcpdump got nothing.

Does this imply the packet was dropped by the NIC, switch or router, not the kernel itself?

xywang
  • I am not 100% sure about this, but I believe it does mean filtering would have been done by some intermediate node. What devices are there on the path between sender and receiver? – kasperd Oct 04 '15 at 15:50
  • @kasperd They are connected to a Cisco Nexus 5672UP switch. firewalld.service on the sender and receiver are both turned off. – xywang Oct 05 '15 at 01:15

1 Answer

2

Duplicate question: will-tcpdump-see-packets-that-are-being-dropped-by-iptables

tcpdump sees the packets whether they are filtered by iptables or not, and does not show any different output whether they are dropped or not.

Peter
  • That is not the same question. One is about incoming packets the other is about outgoing packets. – kasperd Oct 05 '15 at 06:34
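
A check for the case in the question, as an added example that is not part of the original thread: compare the sending interface's transmit counters from `/proc/net/dev` before and after the connection attempt, to see whether the host itself recorded a transmit error or drop for the SYN that tcpdump showed. The interface name `eth0`, the function names and the sample snapshots are assumptions constructed for illustration.

```shell
#!/bin/sh
# Constructed /proc/net/dev snapshots (not captured from a real host).
SAMPLE_BEFORE='Inter-|   Receive                                                |  Transmit
 face |bytes    packets errs drop fifo frame compressed multicast|bytes    packets errs drop fifo colls carrier compressed
    lo:     1200 10 0 0 0 0 0 0 1200 10 0 0 0 0 0 0
  eth0:98765432 120 0 0 0 0 0 0 45678 100 0 0 0 0 0 0'
# After the attempt, case 1: the TX drop counter rose, the packet counter did not.
SAMPLE_AFTER_DROP='  eth0:98765432 120 0 0 0 0 0 0 45678 100 0 1 0 0 0 0'
# After the attempt, case 2: one more packet counted as transmitted, no errors.
SAMPLE_AFTER_OK='  eth0:98765432 120 0 0 0 0 0 0 45752 101 0 0 0 0 0 0'

# tx_counters IFACE < /proc/net/dev
# Prints "packets errs drop carrier" from the Transmit half of IFACE's line.
# The ':' is replaced first because some kernels print "eth0:98765432"
# with no space after the interface name.
tx_counters() {
    awk -v ifc="$1" '{ sub(/:/, " ") } $1 == ifc { print $11, $12, $13, $16 }'
}

# tx_verdict "BEFORE" "AFTER" (each the output of tx_counters)
# Use on a quiet interface: unrelated traffic also moves the packet counter.
tx_verdict() {
    # Intentional word splitting into eight positional parameters.
    set -- $1 $2
    [ $# -eq 8 ] || { echo "parse-error"; return 1; }
    sent=$(( $5 - $1 ))
    lost=$(( ($6 - $2) + ($7 - $3) + ($8 - $4) ))
    if [ "$lost" -gt 0 ]; then
        echo "local-tx-loss"      # the host counted an error/drop on transmit
    elif [ "$sent" -gt 0 ]; then
        echo "handed-to-nic"      # counted as transmitted; look past the host
    else
        echo "no-tx-activity"     # the counters did not move at all
    fi
}

# On a live host: before=$(tx_counters eth0 < /proc/net/dev), run the
# connection attempt, then take the second snapshot the same way.
before=$(printf '%s\n' "$SAMPLE_BEFORE" | tx_counters eth0)
after=$(printf '%s\n' "$SAMPLE_AFTER_DROP" | tx_counters eth0)
echo "eth0: $(tx_verdict "$before" "$after")"
```

A `handed-to-nic` result only means the driver counted the frame as transmitted; it does not prove the frame reached the wire, so the switch port counters are the next place to look.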