tcpdump and Iptables

Hudson Delbert J Contr 61 CS/SCBN Delbert.Hudson at LOSANGELES.AF.MIL
Fri Sep 3 16:27:00 CEST 2004

oops,,,sorry list i forgot to mention that one should
manipulate SO_BROADCAST option on UDP sockets.

this doesnt work on TCP so you are on your own on that one..

ignore the bogus manner in which it treats bcast addresses.

the other info is worth the trade off.


-----Original Message-----
From: piranha
Sent: Friday, September 03, 2004 7:23 AM
To: 'Netfilter Mailing List'
Subject: RE: tcpdump and Iptables

netcat (nc shows up under ps) might be usefull...

itsa net utility which does I-O across connex using tcp/ip.

it can make its paths or driven by other programs like ssh.

its got a lot of debug and discovery modules in it so it can (and has)
almost any kind of connection..........and some other `interesting


any tcp or udp 
any direction
any tcp port
any udp port

sound godd...wait ther's more..

tunnel with any/all params on/off.
excellent at port-scanning YOUR own networks
clock controlled buffered send-mode like 1 every X seconds
std<err,out> available which means this stuff can be send to tthe syslogs if

and as usual mileage will vary.....make sure you have permission to do this
if you aint sure ask again...



-----Original Message-----
From: netfilter-bounces at
[mailto:netfilter-bounces at]On Behalf Of Nick Drage
Sent: Friday, September 03, 2004 3:23 AM
To: netfilter at
Subject: Re: tcpdump and Iptables

On Fri, Sep 03, 2004 at 08:41:42AM +0800, cc wrote:
> Nick Drage wrote:

> >>If I have iptables running and I do a tcpdump -i eth0,   at what
> >>point is tcpdump listening to the connection?
> >
> >tcpdump will see the packets before IPTables does anything to them.
> Thanks NIck for the info.  Exactly what I wanted to know.

Thanks... though Jason's explanation was rather better :)

tcpdump is an excellent tool, but ( excuse me if I'm stating the obvious
), don't underestimate the usefulness of the logging rules in IPTables
combined with 

tail -f /var/log/$logfile | grep $string_you_are_looking_for

mors omnia vincit

More information about the netfilter mailing list