by aeonik
1170 days ago
I can speak for tcpdump and the answer is no. It only looks at the network interface. Something I often want to do is catch which process sent a few UDP packets. Netstat and ss won't catch it because it's too short of a time frame, and tcpdump doesn't contain any information about the kernel. I've been using opensnitch which uses eBPF rules to track this information lately, but I'm looking for something more flexible.
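The kernel-side attribution the comment above is after (which PID and command issued a UDP send, even if the process is gone before netstat or ss could list its socket) is what an eBPF probe gives you that packet capture cannot. The following bpftrace script is an added example, not code from the commenter or from opensnitch or picosnitch. It assumes a Linux kernel that exposes the `udp_sendmsg` and `udpv6_sendmsg` functions to kprobes (they are the normal UDP send paths), bpftrace installed, and root privileges; the output format is my own choice.

```bpftrace
#!/usr/bin/env bpftrace
// Added example: attribute every UDP send to the process that issued it.
// Assumes a Linux kernel where udp_sendmsg / udpv6_sendmsg can be kprobed
// and bpftrace is installed. Run as root: sudo bpftrace udp_sends.bt
//
// The probe fires in the context of the sending task, so even a process
// that exits a millisecond later is attributed by pid and comm.

BEGIN
{
    printf("%-9s %-8s %-16s %s\n", "TIME", "PID", "COMM", "FAMILY");
}

// IPv4 UDP send path
kprobe:udp_sendmsg
{
    time("%H:%M:%S ");
    printf("%-8d %-16s udp4\n", pid, comm);
    @sends[comm, pid] = count();
}

// IPv6 UDP send path
kprobe:udpv6_sendmsg
{
    time("%H:%M:%S ");
    printf("%-8d %-16s udp6\n", pid, comm);
    @sends[comm, pid] = count();
}

// On Ctrl-C, print the per-process totals and clear the map so bpftrace
// does not print it a second time on exit.
END
{
    printf("\nUDP sendmsg calls per (comm, pid):\n");
    print(@sends);
    clear(@sends);
}
```

Each line is emitted at the moment the kernel send path runs, so the live stream answers "who just sent that?" while the summary map at the end gives counts per process for a longer monitoring window. If you need the destination address as well, the `struct sock *` argument to these functions carries it, but reading it portably requires kernel headers or BTF, so this version deliberately stays with the attribution fields that work everywhere.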
Catching short lived processes and packets is one of the things I specialized picosnitch [1] for, which focuses strictly on monitoring.
[1] https://github.com/elesiuta/picosnitch