Re: socket(PF_PACKET, SOCK_RAW, htons(ETH_P_ALL) behaviour
This is from F13.
[root@nidula ~]# strace -f -etrace=socket /usr/sbin/tcpdump -i eth1
socket(PF_PACKET, SOCK_RAW, 768) = 3
socket(PF_INET, SOCK_DGRAM, IPPROTO_IP) = 4
socket(PF_FILE, SOCK_STREAM|SOCK_CLOEXEC|SOCK_NONBLOCK, 0) = 4
So there is nothing wrong with socket(PF_PACKET, SOCK_RAW,...
and your third arg to socket looks correct.
Maybe it's time you checked the errno!
There is a chance that you need to deal with either SELinux or else the capabilities.
See pscap and getcap.
Last edited by stevea; 1st August 2010 at 03:57 PM.
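The errno and capability checks suggested in the post above, as an added example that is not part of the original post. The function names are hypothetical, the code is Linux-only, and the errno mapping assumes the usual kernel behaviour: EPERM when CAP_NET_RAW is missing, EACCES when SELinux denies the call.

```c
#include <arpa/inet.h>
#include <errno.h>
#include <linux/if_ether.h>   /* ETH_P_ALL (0x0003) */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>
#define CAP_NET_RAW_BIT 13    /* CAP_NET_RAW in <linux/capability.h> */

/* Parse the CapEff line of a /proc/<pid>/status text (hypothetical helper).
 * Returns 1 if CAP_NET_RAW is effective, 0 if not, -1 if there is no CapEff line. */
int capeff_has_net_raw(const char *status_text)
{
    const char *p = strstr(status_text, "CapEff:");
    if (p == NULL) return -1;
    unsigned long long mask = strtoull(p + strlen("CapEff:"), NULL, 16);
    return (int)((mask >> CAP_NET_RAW_BIT) & 1ULL);
}

/* Map the errno of a failed packet socket() call to the likely cause (assumed mapping). */
const char *explain_socket_errno(int err)
{
    if (err == EPERM)
        return "EPERM: CAP_NET_RAW is required; check with pscap and getcap";
    if (err == EACCES)
        return "EACCES: denied by a security module such as SELinux; check the audit log";
    return strerror(err);
}

int main(void)
{
    char status[4096] = "";
    FILE *f = fopen("/proc/self/status", "r");
    if (f != NULL) {
        size_t n = fread(status, 1, sizeof status - 1, f);
        status[n] = '\0';
        fclose(f);
    }
    /* On a little-endian host htons(ETH_P_ALL) is 768, the value strace shows. */
    printf("protocol=%u CAP_NET_RAW=%d\n", (unsigned)htons(ETH_P_ALL), capeff_has_net_raw(status));
    int fd = socket(PF_PACKET, SOCK_RAW, htons(ETH_P_ALL));
    if (fd < 0) {
        int err = errno;      /* save errno before another call can overwrite it */
        fprintf(stderr, "socket failed, errno %d: %s\n", err, explain_socket_errno(err));
        return 1;
    }
    close(fd);
    return 0;
}
```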