By definition, Onload is a kernel bypass technology and this prevents packets from being captured by packet sniffing applications such as tcpdump, netstat and wireshark.
Onload supports the onload_tcpdump application that supports packet capture from onload stacks to a file or to be displayed on standard out (stdout). Packet capture files produced by onload_tcpdump can then be imported to the regular tcpdump, wireshark or other third party application where users can take advantage of search and analysis features.
Onload_tcpdump allows for the capture of all TCP
and UDP unicast and multicast data sent or received via Onload stacks - including shared stacks.
Note:
Onload tcpdump is not a replacement for the standard Linux tcpdump utility. Onload tcpdump captures traffic only from Onload stacks.