tcpdump and Iptables

Hudson Delbert J Contr 61 CS/SCBN Delbert.Hudson at LOSANGELES.AF.MIL
Fri Sep 3 16:27:00 CEST 2004


oops,,,sorry list i forgot to mention that one should
manipulate SO_BROADCAST option on UDP sockets.

this doesnt work on TCP so you are on your own on that one..

ignore the bogus manner in which it treats bcast addresses.

the other info is worth the trade off.

v/r
~piranha

-----Original Message-----
From: piranha
Sent: Friday, September 03, 2004 7:23 AM
To: 'Netfilter Mailing List'
Subject: RE: tcpdump and Iptables


netcat (nc shows up under ps) might be usefull...

itsa net utility which does I-O across connex using tcp/ip.

it can make its paths or driven by other programs like ssh.

its got a lot of debug and discovery modules in it so it can (and has)
create
almost any kind of connection..........and some other `interesting
built-ins`.

does:

any tcp or udp 
any direction
any tcp port
any udp port

sound godd...wait ther's more..

tunnel with any/all params on/off.
excellent at port-scanning YOUR own networks
clock controlled buffered send-mode like 1 every X seconds
hexdump
std<err,out> available which means this stuff can be send to tthe syslogs if
desired.


and as usual mileage will vary.....make sure you have permission to do this
if you aint sure ask again...

nufsaid.

v/r,
~piranha


-----Original Message-----
From: netfilter-bounces at lists.netfilter.org
[mailto:netfilter-bounces at lists.netfilter.org]On Behalf Of Nick Drage
Sent: Friday, September 03, 2004 3:23 AM
To: netfilter at lists.netfilter.org
Subject: Re: tcpdump and Iptables


On Fri, Sep 03, 2004 at 08:41:42AM +0800, cc wrote:
> Nick Drage wrote:

> >>If I have iptables running and I do a tcpdump -i eth0,   at what
> >>point is tcpdump listening to the connection?
> >
> >tcpdump will see the packets before IPTables does anything to them.
> 
> Thanks NIck for the info.  Exactly what I wanted to know.

Thanks... though Jason's explanation was rather better :)

tcpdump is an excellent tool, but ( excuse me if I'm stating the obvious
), don't underestimate the usefulness of the logging rules in IPTables
combined with 

tail -f /var/log/$logfile | grep $string_you_are_looking_for

-- 
mors omnia vincit



More information about the netfilter mailing list