How to get sniff mirrored packet without establishing TCP/IP connection on python socket?

Hi @nagmat,

You should consider that this is a P4-related forum and we might not have the time or knowledge to attend to questions that are not specific to P4 or topics related to P4 (maybe SDN). I always try to answer if I think I can help. But consider that next time, other people might not be able to answer for the reason mentioned before :). Still, I think this question could also be related to telemetry (INT) to some extent, so let me try to answer, considering I might not have the best answer for you:

You could limit the mirrored packets to PSH or URG instead of SYN, ACK, FIN or RST.

If you mirror packets without changing the destination MAC, IP, checksums… then your TCP server will never be able to process them, because those packets are not meant for it (you can use Wireshark while you use the method you mentioned in order to see which problem your server/PC is encountering). I also do not recommend changing those parameters. You should be able to filter and sniff only the packets you need. Sniffing all packets is not productive or optimal in pretty much any case. If you sniff X packets/s at your max sniffing capacity (say 10 Gb/s), then imagine sniffing packets for a second host at the same time.

If you want to be fast, do not use Scapy. I would only use Scapy for single-packet debugging, rather than for many packets.

  • I cannot remember if the kernel discards packets that have another host's MAC and IP address, but if you can see the packets in Wireshark… then I would recommend first capturing all traffic in a pcap file for later debugging. Try to filter by protocol (TCP), source IP and dst port for incoming packets. You can use something like sudo tcpdump tcp and src 1.2.3.4 and dst port 12345 -i eth0 -w capture.pcap. I have not tested it, but it should be something like that command. I think that tcpdump is set to promiscuous mode by default, so a command like the one I wrote might work.

  • Nowadays, I believe you should be able to sniff packets sent to other hosts and capture the traffic/payload of the data exchange, but I have never programmed the server to do so. And I am not aware if you need any changes in the OS at a lower level, since buffering, IP and TCP processing are part of the kernel. I know, however, about promiscuous mode when sniffing packets on Wi-Fi. So you should have an option like this when programming raw sockets. See the next link for more information: https://levelup.gitconnected.com/write-a-linux-packet-sniffer-from-scratch-with-raw-socket-and-bpf-c53734b51850.

  • Alternatively, you could encapsulate the relevant packets in UDP. Let's say… packets that contain relevant information for you, I assume PSH or URG. Maybe not SYN, ACK, RST or FIN packets. You could try to establish a lower MTU in the network so that TCP packets could be encapsulated into UDP packets and (maybe) be able to program a UDP server that can cope with the aforementioned data rate (or be close to it), the one you achieved in your first tests. Do not use Scapy to sniff packets unless you do it at a minimal rate or to visualize the information of very few packets. Consider that you are providing your application layer with raw packets that are slowly disassembled and printed.

I hope I was not wrong in anything I wrote, but if anyone spots a better way to capture packets, or if I wrote anything wrong, please write an answer.

Cheers,

1 Like
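The following is an added example, not code from the thread above or from the P4 project: a minimal Python sniffer that does what the answer describes, i.e. reads mirrored TCP segments straight off the wire with a Linux AF_PACKET raw socket, without any TCP connection and without rewriting the mirrored packets' MAC/IP headers. A packet socket receives every frame on the interface before the kernel's IP/TCP processing, so frames addressed to another host are visible as long as the NIC is in promiscuous mode (set here with PACKET_ADD_MEMBERSHIP / PACKET_MR_PROMISC; these numeric constants are the standard Linux values because Python's socket module does not export them). The filter mirrors the tcpdump expression from the answer (tcp and src 1.2.3.4 and dst port 12345) and additionally keeps only PSH or URG segments. The interface name, source IP, port and the sample frame are assumptions constructed for the example; opening the socket needs Linux and CAP_NET_RAW (root), while the parsing and filter functions run anywhere.

```python
"""Passive capture of mirrored TCP segments with a Linux AF_PACKET raw socket.

Added example (not the thread's or the P4 project's code). The socket part
requires Linux and CAP_NET_RAW; parse_frame/wanted/build_frame are pure
functions and run on any platform.
"""
import socket
import struct

ETH_P_ALL = 0x0003                  # receive every ethertype
ETH_P_IP = 0x0800
SOL_PACKET = 263                    # Linux <bits/socket.h>
PACKET_ADD_MEMBERSHIP = 1           # Linux <linux/if_packet.h>
PACKET_MR_PROMISC = 1

TCP_FIN, TCP_SYN, TCP_RST, TCP_PSH, TCP_ACK, TCP_URG = 0x01, 0x02, 0x04, 0x08, 0x10, 0x20


def parse_frame(buf):
    """Decode Ethernet/IPv4/TCP headers from a raw frame; None for anything else."""
    if len(buf) < 14 or struct.unpack("!H", buf[12:14])[0] != ETH_P_IP:
        return None
    ip = buf[14:]
    if len(ip) < 20:
        return None
    ver_ihl, _, total_len, _, _, _, proto, _, src, dst = struct.unpack("!BBHHHBBH4s4s", ip[:20])
    ihl = (ver_ihl & 0x0F) * 4
    # Only IPv4 / TCP, and the IP length field must be sane (mirrored frames may be padded).
    if (ver_ihl >> 4) != 4 or proto != 6 or total_len < ihl + 20 or total_len > len(ip):
        return None
    tcp = ip[ihl:total_len]
    sport, dport, seq, _ack, off_flags = struct.unpack("!HHIIH", tcp[:14])
    doff = (off_flags >> 12) * 4     # data offset in bytes (top 4 bits)
    flags = off_flags & 0x1FF        # NS + CWR/ECE/URG/ACK/PSH/RST/SYN/FIN
    if doff < 20 or doff > len(tcp):
        return None
    return {"src": socket.inet_ntoa(src), "dst": socket.inet_ntoa(dst),
            "sport": sport, "dport": dport, "seq": seq, "flags": flags,
            "payload": tcp[doff:]}


def wanted(pkt, src_ip, dst_port):
    """'tcp and src X and dst port Y', restricted to PSH or URG segments."""
    return (pkt is not None and pkt["src"] == src_ip and pkt["dport"] == dst_port
            and bool(pkt["flags"] & (TCP_PSH | TCP_URG)))


def flag_names(flags):
    names = [("FIN", TCP_FIN), ("SYN", TCP_SYN), ("RST", TCP_RST),
             ("PSH", TCP_PSH), ("ACK", TCP_ACK), ("URG", TCP_URG)]
    return "|".join(n for n, bit in names if flags & bit)


def build_frame(src_ip, dst_ip, sport, dport, flags, payload=b""):
    """Constructed test frame: MACs/IPs are made up, checksums left zero (never validated here)."""
    eth = b"\x00\x11\x22\x33\x44\x55" + b"\x66\x77\x88\x99\xaa\xbb" + struct.pack("!H", ETH_P_IP)
    tcp = struct.pack("!HHIIHHHH", sport, dport, 1, 0, (5 << 12) | flags, 65535, 0, 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0, 64, 6, 0,
                     socket.inet_aton(src_ip), socket.inet_aton(dst_ip))
    return eth + ip + tcp


def open_sniffer(iface):
    """AF_PACKET socket bound to iface, with the NIC put in promiscuous mode."""
    s = socket.socket(socket.AF_PACKET, socket.SOCK_RAW, socket.htons(ETH_P_ALL))
    s.bind((iface, 0))
    # struct packet_mreq { int mr_ifindex; unsigned short mr_type;
    #                      unsigned short mr_alen; unsigned char mr_address[8]; }
    mreq = struct.pack("iHH8s", socket.if_nametoindex(iface), PACKET_MR_PROMISC, 0, b"\x00" * 8)
    s.setsockopt(SOL_PACKET, PACKET_ADD_MEMBERSHIP, mreq)
    return s


def sniff(iface, src_ip, dst_port, limit=10):
    """Print the first `limit` matching mirrored segments; the kernel TCP stack is never involved."""
    s = open_sniffer(iface)
    seen = 0
    while seen < limit:
        pkt = parse_frame(s.recv(65535))
        if wanted(pkt, src_ip, dst_port):
            seen += 1
            print(f"{pkt['src']}:{pkt['sport']} -> {pkt['dst']}:{pkt['dport']} "
                  f"[{flag_names(pkt['flags'])}] seq={pkt['seq']} payload={len(pkt['payload'])}B")


if __name__ == "__main__":
    import sys  # usage: sudo python3 sniff.py eth0 1.2.3.4 12345
    sniff(sys.argv[1], sys.argv[2], int(sys.argv[3]))
```

Because the filter runs in user space, every frame on the link is still copied into the process; at the data rates discussed above, the next step would be to attach a BPF program with SO_ATTACH_FILTER (the approach in the link the answer cites) so the kernel drops non-matching frames before they reach Python.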