Re: Packet capturing, iptables and eth0 vs. dummy0

From: Harald Welte
Date: Wed Nov 17 2004 - 16:59:02 EST

Next message: Martin Josefsson: "Re: Packet capturing, iptables and eth0 vs. dummy0"
Previous message: Greg KH: "Re: hotplug_path no longer exported"
In reply to: DervishD: "Packet capturing, iptables and eth0 vs. dummy0"
Next in thread: DervishD: "Re: Packet capturing, iptables and eth0 vs. dummy0"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Wed, Nov 17, 2004 at 09:30:33PM +0100, DervishD wrote:
> Hi all :)

Hi!

please send netfilter/iptables related questions to the respective
lists:
netfilter@xxxxxxxxxxxxxxxxxxx (for user questions)
netfilter-devel@xxxxxxxxxxxxxxxxxxx (for development issues)

> I've noticed that, no matter what filtering is iptables doing,
> tcpdump gets all packets from interface eth0 as seen in the bus,

This is correct. iptables is a IPv4 packet filter. It is part of the
IPv4 stack. tcpdump uses PF_PACKET which attaches right above the
NIC driver, therefore you capture packets way before they enter the IPv4
stack.

> Raúl Núñez de Arenas Coronado
--
- Harald Welte <laforge@xxxxxxxxxxxx> http://www.gnumonks.org/
============================================================================
Programming is like sex: One mistake and you have to support it your lifetime

Attachment: signature.asc
Description: Digital signature

Next message: Martin Josefsson: "Re: Packet capturing, iptables and eth0 vs. dummy0"
Previous message: Greg KH: "Re: hotplug_path no longer exported"
In reply to: DervishD: "Packet capturing, iptables and eth0 vs. dummy0"
Next in thread: DervishD: "Re: Packet capturing, iptables and eth0 vs. dummy0"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]