tcpdump and Iptables

Nick Drage nickd at metastasis.org.uk
Fri Sep 3 12:23:21 CEST 2004


On Fri, Sep 03, 2004 at 08:41:42AM +0800, cc wrote:
> Nick Drage wrote:

> >>If I have iptables running and I do a tcpdump -i eth0,   at what
> >>point is tcpdump listening to the connection?
> >
> >tcpdump will see the packets before IPTables does anything to them.
> 
> Thanks NIck for the info.  Exactly what I wanted to know.

Thanks... though Jason's explanation was rather better :)

tcpdump is an excellent tool, but ( excuse me if I'm stating the obvious
), don't underestimate the usefulness of the logging rules in IPTables
combined with 

tail -f /var/log/$logfile | grep $string_you_are_looking_for

-- 
mors omnia vincit



More information about the netfilter mailing list