By definition, Onload is a kernel bypass technology and this prevents packets from being captured by packet sniffing applications such as tcpdump, netstat and wireshark.
Onload supports the
onload_tcpdump application that supports packet capture from onload stacks to a file or to be displayed on standard out (stdout). Packet capture files produced by
onload_tcpdump can then be imported to the regular tcpdump, wireshark or other third party application where users can take advantage of search and analysis features.
Onload_tcpdump allows for the capture of all TCP
and UDP unicast and multicast data sent or received via Onload stacks - including shared stacks.