Tags: linux, trace, perf, ttl, ebpf

How to watch the TTL of new network connections


I need to watch for the TTL of new accept() connections and collect them for further investigation.

tcpdump can show the TTL for packets, but can't show only accept() connections. I've tried iovisor/bcc, and tcpaccept does well, but it doesn't show the TTL.

Cloudflare has a great post about extracting the TTL from a connection, but it works only with a socket you've created.

Does anybody know how to do this right?

UPDATED: not accept() but inet_csk_accept()


Solution

  • As a result of this question I've written a post.
    tcpdump can be used to get the TTL, but it does so for every packet; to get the TTL for inet_csk_accept() we need to go deeper with eBPF, so I've created an issue in the iovisor/bcc repo.
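
Added example, not part of the original answer and not code from iovisor/bcc: a packet-level approximation that narrows the per-packet view to the initial SYN of each inbound connection and records its TTL. It assumes raw IPv4 packets starting at the IP header; the function names and sample packets are constructed for illustration, and a SYN is only a connection attempt, not a connection returned by inet_csk_accept().

```python
import socket
import struct

SYN, ACK = 0x02, 0x10

def syn_ttl(packet: bytes):
    """Return (src_ip, src_port, dst_port, ttl) for an initial TCP SYN, else None."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return None                          # too short or not IPv4
    ihl = (packet[0] & 0x0F) * 4             # header length; IP options make it > 20
    if ihl < 20 or packet[9] != socket.IPPROTO_TCP or len(packet) < ihl + 14:
        return None
    if struct.unpack_from("!H", packet, 6)[0] & 0x1FFF:
        return None                          # non-first fragment: no TCP header
    if (packet[ihl + 13] & (SYN | ACK)) != SYN:
        return None                          # drop SYN-ACK and established traffic
    sport, dport = struct.unpack_from("!HH", packet, ihl)
    return socket.inet_ntoa(packet[12:16]), sport, dport, packet[8]

def collect(packets):
    """Map (src_ip, src_port, dst_port) -> TTL seen on that connection's SYN."""
    seen = {}
    for p in packets:
        hit = syn_ttl(p)
        if hit:
            seen[hit[:3]] = hit[3]
    return seen

def build(src, sport, dport, ttl, flags, options=b""):
    """Constructed test packet: IPv4 + TCP headers, checksums left at zero."""
    ihl = 5 + len(options) // 4
    ip = struct.pack("!BBHHHBBH4s4s", 0x40 | ihl, 0, ihl * 4 + 20, 0, 0, ttl,
                     socket.IPPROTO_TCP, 0, socket.inet_aton(src),
                     socket.inet_aton("192.0.2.1")) + options
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, flags, 8192, 0, 0)
    return ip + tcp

SAMPLE = [  # constructed packets using documentation address ranges
    build("198.51.100.7", 40000, 443, 52, SYN),
    build("198.51.100.7", 40000, 443, 52, ACK),              # later segment, ignored
    build("203.0.113.9", 51515, 22, 115, SYN, b"\x01" * 4),  # IP options present
    build("192.0.2.1", 443, 40000, 64, SYN | ACK),           # reply, ignored
]

if __name__ == "__main__":
    for key, ttl in collect(SAMPLE).items():
        print(key, "ttl", ttl)
```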