Return-Path: <linux-kernel-owner+willy=40w.ods.org-S262531AbUKQVDd@vger.kernel.org>
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
	id S262531AbUKQVDd (ORCPT <rfc822;willy@w.ods.org>);
	Wed, 17 Nov 2004 16:03:33 -0500
Received: (majordomo@vger.kernel.org) by vger.kernel.org id S262547AbUKQVAw
	(ORCPT <rfc822;linux-kernel-outgoing>);
	Wed, 17 Nov 2004 16:00:52 -0500
Received: from null.rsn.bth.se ([194.47.142.3]:43222 "EHLO null.rsn.bth.se")
	by vger.kernel.org with ESMTP id S262546AbUKQVAG (ORCPT
	<rfc822;linux-kernel@vger.kernel.org>);
	Wed, 17 Nov 2004 16:00:06 -0500
Subject: Re: Packet capturing, iptables and eth0 vs. dummy0
From: Martin Josefsson <gandalf@wlug.westbo.se>
To: DervishD <lkml@dervishd.net>
Cc: Linux-kernel <linux-kernel@vger.kernel.org>
In-Reply-To: <20041117203033.GA7907@DervishD>
References: <20041117203033.GA7907@DervishD>
Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="=-vLj92XofDXwNuq/DDt9X"
Message-Id: <1100725201.20185.16.camel@tux.rsn.bth.se>
Mime-Version: 1.0
X-Mailer: Ximian Evolution 1.4.6 
Date: Wed, 17 Nov 2004 22:00:01 +0100
Sender: linux-kernel-owner@vger.kernel.org
X-Mailing-List: linux-kernel@vger.kernel.org
Content-Length: 1885
Lines: 55


--=-vLj92XofDXwNuq/DDt9X
Content-Type: text/plain; charset=iso-8859-1
Content-Transfer-Encoding: quoted-printable

On Wed, 2004-11-17 at 21:30, DervishD wrote:
>     Hi all :)
>=20
>     I've noticed that, no matter what filtering is iptables doing,
> tcpdump gets all packets from interface eth0 as seen in the bus, but
> doesn't do the same in dummy0. I'll explain it further...

[snip]

>     If I do exactly the same from the machine running tcpdump and the
> filter, I cannot connect (without the filter I can), but no output
> comes from tcpdump, which is exactly what I expected in the case
> explained in the paragraph above.
>=20
>     Is is normal? Is normal that tcpdump shows packets before they
> enter the filter when the interface is a real one (eth0) but no when
> you access through a dummy interface or localhost, or am I missing
> anything?

Try sniffing on the 'lo' interface instead of 'dummy0' since all packets
generated by the local machine destined for the local machine goes via
the =B4lo' interface. ipaddresses looks like they belong to interfaces but
that's not the case with linux, they belong to the machine.

'ip route list table local'

All packets destined for entries marked as "local" will go through the
'lo' interface.=20

--=20
/Martin

--=-vLj92XofDXwNuq/DDt9X
Content-Type: application/pgp-signature; name=signature.asc
Content-Description: This is a digitally signed message part

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.5 (GNU/Linux)

iD8DBQBBm7vRWm2vlfa207ERAha6AKCnxnkynQvUyGkXwLHn0ETacF3FgQCgxyS4
GZxMoGEE8ypBZynBEvNXcYY=
=fX3w
-----END PGP SIGNATURE-----

--=-vLj92XofDXwNuq/DDt9X--
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/