Hacker News
by jcul 908 days ago
I'm not too familiar with eBPF (yet, keep meaning to dig into it).

But I believe tcpdump just opens an AF_PACKET socket, and it will add a BPF filter if one is specified.

I don't know enough to say how this relates to the eBPF stuff, but I think internally the kernel may convert the BPF program to eBPF.

Edit: netpeek looks cool, thanks for sharing!