Re: Packet capturing, iptables and eth0 vs. dummy0

From: Don Lafontaine
Date: Thu Nov 18 2004 - 01:54:19 EST

Next message: H. Peter Anvin: "PATCH: Altivec support for RAID-6"
Previous message: Chuck Ebbert: "Re: Linux 2.6.9-ac9"
In reply to: DervishD: "Re: Packet capturing, iptables and eth0 vs. dummy0"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

That's because when you try locally, you end up using lo0, not eth0.

On Wed, 17 Nov 2004 21:30:33 +0100, DervishD <lkml@xxxxxxxxxxxx> wrote:
> Hi all :)
>
> I've noticed that, no matter what filtering is iptables doing,
> tcpdump gets all packets from interface eth0 as seen in the bus, but
> doesn't do the same in dummy0. I'll explain it further...
>
> Let's say that I'm filtering all incoming TCP SYN packets on all
> interfaces that have a destination port of 6666 (for example), and
> I'm listening, with tcpdump, to all packets in eth0. Well, I use
> another computer to try to connect to port 6666 of the machine
> running tcpdump and the packet filter, and obviously I'm unable to
> connect (without the filter I can do it normally), but I see the SYN
> packets in the output of tcpdump.
>
> If I do exactly the same from the machine running tcpdump and the
> filter, I cannot connect (without the filter I can), but no output
> comes from tcpdump, which is exactly what I expected in the case
> explained in the paragraph above.
>
> Is is normal? Is normal that tcpdump shows packets before they
> enter the filter when the interface is a real one (eth0) but no when
> you access through a dummy interface or localhost, or am I missing
> anything?
>
> Thanks a lot in advance :)
>
> Raúl Núñez de Arenas Coronado
>
> --
> Linux Registered User 88736
> http://www.dervishd.net & http://www.pleyades.net/
> -
> To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
> the body of a message to majordomo@xxxxxxxxxxxxxxx
> More majordomo info at http://vger.kernel.org/majordomo-info.html
> Please read the FAQ at http://www.tux.org/lkml/
>

--
Don Lafontaine
http://www.avsim.com/hangar/utils/freefd
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: H. Peter Anvin: "PATCH: Altivec support for RAID-6"
Previous message: Chuck Ebbert: "Re: Linux 2.6.9-ac9"
In reply to: DervishD: "Re: Packet capturing, iptables and eth0 vs. dummy0"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]