Date: Wed, 17 Nov 2004 21:30:33 +0100
From: DervishD <lkml@dervishd.net>
To: Linux-kernel <linux-kernel@vger.kernel.org>
Subject: Packet capturing, iptables and eth0 vs. dummy0
Message-ID: <20041117203033.GA7907@DervishD>
Mail-Followup-To: Linux-kernel <linux-kernel@vger.kernel.org>
Mime-Version: 1.0
Content-Type: text/plain; charset=iso-8859-1
Content-Disposition: inline
Content-Transfer-Encoding: 8bit
User-Agent: Mutt/1.4.2.1i
Organization: DervishD
Sender: linux-kernel-owner@vger.kernel.org
Content-Length: 1494
Lines: 36

    Hi all :)

    I've noticed that, no matter what filtering is iptables doing,
tcpdump gets all packets from interface eth0 as seen in the bus, but
doesn't do the same in dummy0. I'll explain it further...

    Let's say that I'm filtering all incoming TCP SYN packets on all
interfaces that have a destination port of 6666 (for example), and
I'm listening, with tcpdump, to all packets in eth0. Well, I use
another computer to try to connect to port 6666 of the machine
running tcpdump and the packet filter, and obviously I'm unable to
connect (without the filter I can do it normally), but I see the SYN
packets in the output of tcpdump.

    If I do exactly the same from the machine running tcpdump and the
filter, I cannot connect (without the filter I can), but no output
comes from tcpdump, which is exactly what I expected in the case
explained in the paragraph above.

    Is is normal? Is normal that tcpdump shows packets before they
enter the filter when the interface is a real one (eth0) but no when
you access through a dummy interface or localhost, or am I missing
anything?

    Thanks a lot in advance :)
    
    Ra?l N??ez de Arenas Coronado

-- 
Linux Registered User 88736
http://www.dervishd.net & http://www.pleyades.net/
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/