Tcpdump before iptables?
Wed, 25 Jul 2001 17:38:45 +0200
Radel [SMTP:firstname.lastname@example.org] wrote:
>I'm logging all incoming connections to port 137:139, and dropping
>packets, but I can see the netbios request on tcpdump listening on ippp0
>interface (isdn link).
>So tcpdump can see packets that will be dropped by iptables?
It is my understanding that the libpcap driver used by tcpdump, dsniff, etc.
sees the packets as they are traversing the wire and hitting the interface,
in other wordt before any firewall rules apply.