First you need to have scapy installed. And if you don’t know about scapy, then
Scapy is a powerful interactive packet manipulation program. It is able to forge or decode packets of a wide number of protocols, send them on the wire, capture them, match requests and replies, and much more. It can easily handle most classical tasks like scanning, tracerouting, probing, unit tests, attacks or network discovery (it can replace hping, 85% of nmap, arpspoof, arp-sk, arping, tcpdump, tethereal, p0f, etc.). It also performs very well at a lot of other specific tasks that most other tools can’t handle, like sending invalid frames, injecting your own 802.11 frames, combining technics (VLAN hopping+ARP cache poisoning, VOIP decoding on WEP encrypted channel, …), etc
So, just install scapy
dnf install PyX scapy
Once done, start scapy so that you can capture and see the packet in pdf.
Found a simple method to check for all the packets dropped by kernel.
First you need to install dropwatch with
dnf install dropwatch
and details of the package
Name : dropwatch
Arch : x86_64
Epoch : 0
Version : 1.4
Release : 13.fc24
Size : 27 k
Repo : fedora
Summary : Kernel dropped packet monitor
URL : http://fedorahosted.org/dropwatch
License : GPLv2+
Description : dropwatch is an utility to interface to the kernel to monitor for dropped
: network packets.
Once that is done, you will see the kernel address. How do you map those to kernel functions, refer Get kernel function name from kernel address.
If you are using pmap or using strace and want to covert kernel address to function name then you can use the following technique.
First you need to install elfutils, if not installed.
dnf install elfutils
and after this you can use the following command
eu-addr2line -f -e /boot/vmlinuz-$(uname -r) <addr>
eu-addr2line -f -e /boot/vmlinuz-$(uname -r) 00007f36a8045000