Logging the whole packet
Jason Opperisano
opie at 817west.com
Wed Nov 24 15:58:42 CET 2004
On Wed, 2004-11-24 at 06:03, israel Gold wrote:
> Jason Opperisano wrote:
>
> >>AFAIK, the normal LOG target cannot actually do this. instead, use
> >>the ULOG target which will copy the entire packet to the
> >>userspace ulogd daemon where you can use the ulogd_PCAP.so plugin to
> >>create a tcpdump file of the packets you are
> >>interested in.
>
> I also would like to log the packet data. In fact, I would like to
> monitor NFS Write calls.
> However, using ULOG and copying all packets to user space is time
> consuming.
> I have no interest in Read calls which is most of the traffic.
> Does iptables provide a tool for filtering packets by looking at the data?
>
> Thanks,
> Israel
iptables is a firewall; not a high performance packet capturing tool.
you guys ever heard of tcpdump? snort?
-j
--
"They think they're so high and mighty, just because they never got
caught driving without pants."
--The Simpsons
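
Added example, not part of the original message: a capture-side tool picks out NFS WRITE calls by looking at the ONC RPC call header at the start of the payload. The Python sketch below shows that check for NFSv2/v3; the function names and the sample payloads are constructed for illustration.

```python
import struct

NFS_PROGRAM = 100003        # ONC RPC program number registered for NFS
WRITE_PROC = {2: 8, 3: 7}   # WRITE procedure number for NFSv2 and NFSv3
RPC_CALL = 0                # msg_type: 0 = CALL, 1 = REPLY
RPC_VERSION = 2

def is_nfs_write(payload: bytes, tcp: bool = False) -> bool:
    """True if payload begins with an RPC CALL for NFS WRITE (v2 or v3).

    For NFSv3 over UDP the same test as a capture filter is:
      udp port 2049 and udp[12:4] = 0 and udp[28:4] = 7
    """
    if tcp:
        # RPC over TCP puts a 4-byte record mark before each message; this
        # only matches segments that start at a record boundary.
        payload = payload[4:]
    if len(payload) < 24:
        return False
    # Header words: xid, msg_type, rpcvers, prog, vers, proc (big-endian).
    _xid, msg_type, rpcvers, prog, vers, proc = struct.unpack("!6I", payload[:24])
    if msg_type != RPC_CALL or rpcvers != RPC_VERSION or prog != NFS_PROGRAM:
        return False
    return WRITE_PROC.get(vers) == proc

def rpc_call(prog: int, vers: int, proc: int, xid: int = 0x1234) -> bytes:
    """Build a constructed RPC call header (sample data only)."""
    return struct.pack("!6I", xid, RPC_CALL, RPC_VERSION, prog, vers, proc)

def count_writes(payloads) -> int:
    """Count the UDP payloads that are NFS WRITE calls."""
    return sum(1 for p in payloads if is_nfs_write(p))

# Constructed sample payloads: v3 WRITE, v3 READ, v2 WRITE, an RPC reply,
# and a call to a different RPC program (100005 = mountd).
SAMPLES = [
    rpc_call(NFS_PROGRAM, 3, 7),
    rpc_call(NFS_PROGRAM, 3, 6),
    rpc_call(NFS_PROGRAM, 2, 8),
    struct.pack("!6I", 0x1234, 1, 0, 0, 0, 0),
    rpc_call(100005, 3, 7),
]

if __name__ == "__main__":
    print(count_writes(SAMPLES), "WRITE calls out of", len(SAMPLES))
```

NFSv4 is not covered: it carries WRITE as an operation inside a COMPOUND call, so the procedure number alone does not identify it.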