Is there a way (using raw sockets or otherwise) to get the TCP sequence numbers used by a process? So, for example, if a process is active and has an active TCP connection, is it possible to get the TCP sequence numbers for that process from the time the process was started, or at least the last acknowledgement number it received or sent? If so, how do I do that using C or any low-level language?
In effect, can:
Or
Of the options mentioned already, libpcap is the best as it offers you a close to platform-independent way of capturing packets.
However, another option on Linux, and one that I have grown fond of, is to use the iptables NFQUEUE target to send the packets you are interested in to userspace (possibly in combination with tee). With this technique, you can use the powers of iptables to only get the packets that you are interested in (for example SYN or some random packets based on probability).
An example of how to use NFQUEUE is here and here. Use NFQUEUE in the raw table to make sure all packets are evaluated. Libnetfilter_queue should be used to ease the process of receiving packets.
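Whichever capture path is used, the sequence and acknowledgement numbers still have to be read out of the packet bytes. The following is an added example, not code from the answer above or from libpcap or libnetfilter_queue: it assumes the buffer starts at the IPv4 header (as an NFQUEUE payload does; with libpcap on Ethernet, skip the link-layer header first). The names `parse_tcp_seq` and `tcp_seq_info` are hypothetical, and the sample packet is constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

struct tcp_seq_info {
    uint16_t sport, dport;
    uint32_t seq, ack;
    uint8_t  flags;          /* CWR ECE URG ACK PSH RST SYN FIN */
};

static uint16_t rd16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }
static uint32_t rd32(const uint8_t *p) {
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) | ((uint32_t)p[2] << 8) | p[3];
}

/* Returns 0 and fills *out, or -1 if buf is not a complete, unfragmented IPv4/TCP header. */
int parse_tcp_seq(const uint8_t *buf, size_t len, struct tcp_seq_info *out) {
    if (len < 20 || (buf[0] >> 4) != 4) return -1;       /* IPv4 only */
    size_t ihl = (size_t)(buf[0] & 0x0f) * 4;            /* IP header length, options included */
    if (ihl < 20 || len < ihl + 20) return -1;           /* truncated capture */
    if (buf[9] != 6) return -1;                          /* protocol 6 = TCP */
    if ((rd16(buf + 6) & 0x1fff) != 0) return -1;        /* later fragment: no TCP header */
    const uint8_t *tcp = buf + ihl;
    size_t doff = (size_t)(tcp[12] >> 4) * 4;            /* TCP header length */
    if (doff < 20 || len < ihl + doff) return -1;
    out->sport = rd16(tcp);     out->dport = rd16(tcp + 2);
    out->seq   = rd32(tcp + 4); out->ack   = rd32(tcp + 8);   /* network byte order on the wire */
    out->flags = tcp[13];
    return 0;
}

/* Constructed sample: SYN+ACK from 192.0.2.1:443 to 192.0.2.2:51000 (checksums zeroed). */
static const uint8_t SAMPLE_SYNACK[40] = {
    0x45,0x00,0x00,0x28, 0x00,0x01,0x40,0x00, 0x40,0x06,0x00,0x00,
    0xc0,0x00,0x02,0x01, 0xc0,0x00,0x02,0x02,
    0x01,0xbb,0xc7,0x38, 0x11,0x22,0x33,0x44, 0xaa,0xbb,0xcc,0xdd,
    0x50,0x12,0xff,0xff, 0x00,0x00,0x00,0x00
};

int main(void) {
    struct tcp_seq_info i;
    if (parse_tcp_seq(SAMPLE_SYNACK, sizeof SAMPLE_SYNACK, &i) != 0) return 1;
    printf("seq=%u ack=%u flags=0x%02x\n", (unsigned)i.seq, (unsigned)i.ack, (unsigned)i.flags);
    return 0;
}
```
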