How to debug nfmarking

[Eduardo Fernández]

Hi all,

i'm trying to debug packet marking like this:

iptables -t mangle -A PREROUTING -p icmp -j MARK --set-mark 0x1
(...)

But I don't know how to check if the packets are really being marked.
ip_conntrack shows all packets with mark=0, and that's not possible.
I've tried logging with netfilter but I don't know which option shows
the nfmark in the log. Any ideas?

Thank you very much in advance.

Eduardo