I’m writing a Wireshark Dissector for IPSET’s protocol. Commands below are to capture netlink packets using tcpdump.
|
1 2 3 4 5 6 7 |
modprobe nlmon ip link add type nlmon ip link set nlmon0 up tcpdump -i nlmon0 -s 0 -w nlmon.pcap ip link set nlmon0 down ip link del dev nlmon0 rmmod nlmon |
TCPDUMP Capture Netlink Packets by @sskaje: https://sskaje.me/2017/04/tcpdump-capture-netlink-packets/
Link to this post!