Tcpdump before iptables?

[Sneppe Filip]

Radel [SMTP:netfilter@radel.yi.org] wrote:
>
>I'm logging all incoming connections to port 137:139, and dropping
>packets, but I can see the netbios request on tcpdump listening on ippp0
>interface (isdn link).
>So tcpdump can see packets that will be dropped by iptables?
 
It is my understanding that the libpcap driver used by tcpdump, dsniff, etc.
sees the packets as they are traversing the wire and hitting the interface,
in other wordt before any firewall rules apply.

-Filip