LinuxQuestions.org

Linux - Networking: Iptables and tcpdump question (https://www.linuxquestions.org/questions/linux-networking-3/iptables-and-tcpdump-question-180277/)

cli_man 05-11-2004 08:51 AM

Iptables and tcpdump question
 
When you are running tcpdump does it see the network traffic before iptables is run or after?

I have a backup server that doesn't do anything during the daytime, and I also have an Intrusion Detection server (IDS). Sometimes I see some oddball traffic coming through the IDS server, but there is so much info that I cannot just look at that. I wanted to use iptables to redirect the traffic to my backup machine and then use tcpdump to just look at the packets I am redirecting.

Where the problem comes in is I have constant traffic from router protocols and netbios queries and such, so that I am having trouble just seeing what traffic is being redirected. Is there a way I can just block all the traffic going to the backup machine except for what's coming from the IDS server? When I block the traffic in iptables it seems that tcpdump picks it up before it is blocked by iptables.

zaphodiv 05-11-2004 07:01 PM

Tcpdump shows the packets as they are in the cable.

You can give tcpdump rules to select what to show/not show.

You could use an alternative sniffer such as ethereal.
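
As an added illustration of zaphodiv's two points (this is not code from the thread), the script below builds a tcpdump capture filter that keeps only traffic sent by the IDS host and drops the NetBIOS and routing-protocol chatter cli_man describes, and includes a check for the ordering question in the first post: on Linux the packet socket tcpdump reads from is fed from the device layer before the IP stack's netfilter hooks, so an iptables DROP in INPUT does not hide incoming packets from tcpdump (outgoing packets, by contrast, are tapped after netfilter). The IDS address, the interface name, the function names and the choice of ports treated as noise (NetBIOS 137-139, SMB 445, RIP on UDP 520, OSPF as IP protocol 89) are all assumptions made for the example.

```shell
#!/bin/sh
# Added example, not part of the thread. Addresses, interface and function
# names are constructed placeholders; adjust them to the real network.

IDS_HOST="192.0.2.10"   # constructed: the IDS server's address
CAPTURE_IF="eth0"       # constructed: interface the backup machine listens on

# Build a BPF capture filter: only packets sent by the IDS, minus the LAN
# chatter that swamps the capture (NetBIOS 137-139, SMB 445, RIP on UDP 520,
# OSPF = IP protocol 89; which protocols count as noise is an assumption).
# tcpdump compiles this into the kernel-side socket filter, so the noise is
# discarded before it ever reaches user space.
build_capture_filter() {
    printf 'src host %s and not (udp port 137 or udp port 138 or tcp port 139 or tcp port 445 or udp port 520 or ip proto 89)' "$1"
}

# Watch only what the IDS sends to this machine.
capture_from_ids() {
    tcpdump -n -i "$CAPTURE_IF" "$(build_capture_filter "$IDS_HOST")"
}

# Demonstrate the ordering question from the first post. The packet socket
# tcpdump uses is fed from the device layer, before netfilter's INPUT chain,
# so a DROP rule there does not stop tcpdump from seeing the packet.
# Inserts a temporary rule, captures five ICMP packets from the IDS (have
# it ping this host meanwhile), then prints the rule with its packet
# counter, which has advanced as well. Requires root; the rule is removed.
ordering_check() {
    iptables -I INPUT 1 -s "$IDS_HOST" -p icmp -j DROP || return 1
    tcpdump -n -c 5 -i "$CAPTURE_IF" "icmp and src host $IDS_HOST"
    iptables -L INPUT 1 -v -n -x     # -x shows exact packet/byte counters
    iptables -D INPUT -s "$IDS_HOST" -p icmp -j DROP
}

# Usage: sh capture.sh capture   |   sh capture.sh check
case "${1:-}" in
    capture) capture_from_ids ;;
    check)   ordering_check ;;
esac
```

The practical consequence for the original question is that an iptables rule cannot be used to hide packets from tcpdump on the same host; the capture filter expression is the tool for that, while iptables decides what the local stack actually accepts or forwards.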

