Re: socket(PF_PACKET, SOCK_RAW, htons(ETH_P_ALL) behaviour
This is from F13.
[root@nidula ~]# strace -f -etrace=socket /usr/sbin/tcpdump -i eth1
socket(PF_PACKET, SOCK_RAW, 768) = 3
socket(PF_INET, SOCK_DGRAM, IPPROTO_IP) = 4
socket(PF_FILE, SOCK_STREAM|SOCK_CLOEXEC|SOCK_NONBLOCK, 0) = 4
So there is nothing wrong with socket(PF_PACKET, SOCK_RAW,...
and your third arg to socket looks correct.
Maybe it's time you checked the errno!
There is a chance that you need to deal with either SELinux or else the capabilities.
See pscap and getcap
None are more hopelessly enslaved than those who falsely believe they are free.
Johann Wolfgang von Goethe
Last edited by stevea; 1st August 2010 at 03:57 PM.
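The errno check suggested in the post above, as an added example that is not part of the original post. The helper names are hypothetical, and the mapping of EPERM to a missing CAP_NET_RAW and of EACCES to an SELinux denial is an assumption about usual Linux behaviour, so confirm it with getcap, pscap and the audit log.

```c
/* Added example: open the same packet socket tcpdump does and explain a failure. */
#include <arpa/inet.h>        /* htons */
#include <errno.h>
#include <linux/if_ether.h>   /* ETH_P_ALL */
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

/* Hypothetical helper: returns the fd, or -1 with the saved errno in *err. */
int open_packet_socket(int *err)
{
    /* htons(ETH_P_ALL) is 768 on little-endian hosts, as in the strace output. */
    int fd = socket(PF_PACKET, SOCK_RAW, htons(ETH_P_ALL));
    *err = (fd < 0) ? errno : 0;   /* save errno before another call changes it */
    return fd;
}

/* Hypothetical helper: map the errno from socket() to the next thing to check.
 * Assumption: EPERM is the capability check, EACCES is a policy (LSM) denial. */
const char *packet_socket_hint(int err)
{
    switch (err) {
    case 0:      return "ok";
    case EPERM:  return "no CAP_NET_RAW: run as root or grant it (see getcap, pscap)";
    case EACCES: return "denied by policy, typically SELinux: check audit log for AVC";
    case EAFNOSUPPORT:
    case EPROTONOSUPPORT:
    case EINVAL: return "family/type/protocol rejected: check kernel packet support";
    case EMFILE:
    case ENFILE: return "file descriptor limit reached";
    default:     return "unexpected error: see the strerror text";
    }
}

int main(void)
{
    int err;
    int fd = open_packet_socket(&err);
    if (fd < 0) {
        fprintf(stderr, "socket(PF_PACKET, SOCK_RAW, htons(ETH_P_ALL)): %s (errno %d)\n",
                strerror(err), err);
        fprintf(stderr, "hint: %s\n", packet_socket_hint(err));
        return 1;
    }
    printf("packet socket opened, fd %d\n", fd);
    close(fd);
    return 0;
}
```

Run it once as root and once as the failing user; a difference between the two runs points at privileges rather than at the socket() arguments.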