tcpdump and packets filtered by iptables

 
 
AlexZ
Guest
Posts: n/a

 
      05-26-2004, 02:50 PM
Hello

Does tcpdump on an interface see the packets that are filtered out by
iptables rules? Does it matter if it's in INPUT or FORWARD chain?

This is probably documented somewhere but I can't find it (I do not feel
up to reading kernel source).
Thanks a lot

Alex
 
 
 
 
 
Jeroen Geilman
Guest
Posts: n/a

 
      05-26-2004, 11:26 PM
AlexZ wrote:

> Hello
>
> Does tcpdump on an interface see the packets that are filtered out by
> iptables rules? Does it matter if it's in INPUT or FORWARD chain?


No and yes.

From the man page:

Tcpdump prints out the headers of packets on a network interface
that match the boolean expression.

Note that it only listens on an interface - i.e. the point at which the
packets enter or leave the computer.

If you know your iptables then you know that only the output chain of any
table is filtered; the correct sequence (for the standard filter table) is:

wire -> NIC -> tcpdump -> INPUT chain

and

OUTPUT chain -> tcpdump -> NIC -> wire.

tcpdump listens in between the NIC and the iptables kernel code.

> This is probably documented somewhere but I can't find it (I do not feel
> up to reading kernel source).


Then don't; even though iptables functionality is included in the kernel
the actual program is on www.netfilter.org.
Go there and be edified.


--
Jeroen Geilman

Analog bits courtesy of adaptr.
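
One way to check the ordering given in the reply above on your own kernel, as an added example that is not part of the thread: a throwaway network namespace with an ICMP DROP rule, comparing what tcpdump captured with the rule's packet counter. The namespace name, veth names and 10.99.0.x addresses are assumptions; it needs root, iproute2, iptables, tcpdump and ping.

```shell
#!/bin/sh
# Added lab check, not from the thread. Assumed names: namespace tcpdumplab,
# veth pair veth-lab0/veth-lab1, addresses 10.99.0.1 and 10.99.0.2.
NS=tcpdumplab; A=veth-lab0; B=veth-lab1

# Read `iptables -nvxL CHAIN` on stdin, print the DROP rule's packet counter.
drop_count() {
    awk '$3 == "DROP" { print $1; found = 1; exit } END { if (!found) print 0 }'
}

# verdict CAPTURED DROPPED: did tcpdump see the packets the rule dropped?
verdict() {
    if [ "$2" -eq 0 ]; then echo inconclusive   # rule never matched
    elif [ "$1" -gt 0 ]; then echo seen
    else echo unseen; fi
}

setup() {
    ip netns add "$NS"
    ip link add "$A" type veth peer name "$B"
    ip link set "$B" netns "$NS"
    ip addr add 10.99.0.1/24 dev "$A" && ip link set "$A" up
    ip netns exec "$NS" ip addr add 10.99.0.2/24 dev "$B"
    ip netns exec "$NS" ip link set "$B" up
}
cleanup() { ip netns del "$NS" 2>/dev/null; ip link del "$A" 2>/dev/null; return 0; }

# probe CHAIN PING-COMMAND...: drop ICMP in CHAIN inside the namespace, capture
# on the namespace side of the veth pair, print "CAPTURED DROPPED".
probe() {
    chain=$1; shift; out=$(mktemp)
    ip netns exec "$NS" iptables -F
    ip netns exec "$NS" iptables -A "$chain" -p icmp -j DROP
    ip netns exec "$NS" tcpdump -n -l -i "$B" icmp >"$out" 2>/dev/null &
    pid=$!; sleep 1
    "$@" >/dev/null 2>&1 || true
    sleep 1; kill "$pid"; wait "$pid" 2>/dev/null || true
    dropped=$(ip netns exec "$NS" iptables -nvxL "$chain" | drop_count)
    echo "$(wc -l <"$out" | tr -d ' ') $dropped"; rm -f "$out"
}

# Only touches the system when invoked as: sh thisfile run
if [ "${1:-}" = "run" ]; then
    trap cleanup EXIT; setup
    set -- $(probe INPUT ping -c 3 -W 1 10.99.0.2)
    echo "INPUT  DROP: captured=$1 dropped=$2 -> $(verdict "$1" "$2")"
    set -- $(probe OUTPUT ip netns exec "$NS" ping -c 3 -W 1 10.99.0.1)
    echo "OUTPUT DROP: captured=$1 dropped=$2 -> $(verdict "$1" "$2")"
fi
```

"seen" means tcpdump captured packets that the rule then dropped; "unseen" means the rule dropped them before the capture point.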
 
 
AlexZ
Guest
Posts: n/a

 
      05-27-2004, 02:34 PM
Jeroen Geilman wrote:
> AlexZ wrote:
>
> > Hello
> >
> > Does tcpdump on an interface see the packets that are filtered out by
> > iptables rules? Does it matter if it's in INPUT or FORWARD chain?

>
> No and yes.
>
> From the man page:
>
> Tcpdump prints out the headers of packets on a network interface
> that match the boolean expression.
>
> Note that it only listens on an interface - i.e. the point at which the
> packets enter or leave the computer.


Thanks a lot. This note is missing from tcpdump 3.6 on Red Hat 7.2.

I do enjoy reading well-written docs - and netfilter guides are among my
favorites.

Alex

> If you know your iptables then you know that only the output chain of any
> table is filtered; the correct sequence (for the standard filter table) is:
>
> wire -> NIC -> tcpdump -> INPUT chain
>
> and
>
> OUTPUT chain -> tcpdump -> NIC -> wire.
>
> tcpdump listens in between the NIC and the iptables kernel code.
>
> > This is probably documented somewhere but I can't find it (I do not feel
> > up to reading kernel source).

>
> Then don't; even though iptables functionality is included in the kernel
> the actual program is on www.netfilter.org.
> Go there and be edified.

 