LinuxQuestions.org
Latest LQ Deal: Linux Power User Bundle
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie
User Name
Password
Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question? If it is not in the man pages or the how-to's this is the place!

Notices


Reply
  Search this Thread
Old 12-27-2014, 03:49 PM   #1
JamesJackson
LQ Newbie
 
Registered: Dec 2014
Posts: 2

Rep: Reputation: Disabled
Question about tcpdump and iptables


Hey guys,

I have one question that i would like to understand. I would like to know if something that is blocked by iptables appears in a tcpdump -i interface.

Best Regards and thanks in advance
 
Old 12-27-2014, 04:32 PM   #2
unSpawn
Moderator
 
Registered: May 2001
Posts: 29,331
Blog Entries: 55

Rep: Reputation: 3531Reputation: 3531Reputation: 3531Reputation: 3531Reputation: 3531Reputation: 3531Reputation: 3531Reputation: 3531Reputation: 3531Reputation: 3531Reputation: 3531
Quote:
Originally Posted by JamesJackson View Post
I would like to know if something that is blocked by iptables appears in a tcpdump -i interface.
Yes it does. Note there are easier ways to determine that, like using an iptables "-j LOG" rule right before the one that blocks traffic.
 
Old 12-27-2014, 05:05 PM   #3
Ser Olmy
Senior Member
 
Registered: Jan 2012
Distribution: Slackware
Posts: 2,404

Rep: Reputation: Disabled
tcpdump captures packets as they enter and exit an interface. iptables can prevent traffic from exiting a system, but cannot prevent other systems from sending packets to an interface.

In other words, iptables rules in the OUTPUT or FORWARD chains can block outbound traffic (so there will be nothing for tcpdump to capture), but cannot affect the capturing of inbound packets.
 
Old 12-27-2014, 07:31 PM   #4
unSpawn
Moderator
 
Registered: May 2001
Posts: 29,331
Blog Entries: 55

Rep: Reputation: 3531Reputation: 3531Reputation: 3531Reputation: 3531Reputation: 3531Reputation: 3531Reputation: 3531Reputation: 3531Reputation: 3531Reputation: 3531Reputation: 3531
Thanks for clarifying.

Quote:
Originally Posted by Ser Olmy View Post
(so there will be nothing for tcpdump to capture),
Note that in those cases "-j LOG" rules will work (and NFLOG target as well should you wish to capture those packets).
 
Old 12-27-2014, 07:58 PM   #5
JamesJackson
LQ Newbie
 
Registered: Dec 2014
Posts: 2

Original Poster
Rep: Reputation: Disabled
So i can't block incoming packet's right? the incoming packets when they hit the iptables are processed(waste cpu)? or they only waste bandwidth?

best regards thanks in advance
 
Old 12-27-2014, 08:32 PM   #6
Ser Olmy
Senior Member
 
Registered: Jan 2012
Distribution: Slackware
Posts: 2,404

Rep: Reputation: Disabled
Incoming packets will always use bandwidth. There's nothing you can do about that, short of blocking them at an upstream router.

To which extent blocked packets will consume CPU resources, depends on the design of your iptables ruleset. The earlier a packet hits a "DROP" rule, the less processing power is required to process that packet.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
tcpdump and iptables ThisOne Linux - Networking 5 03-10-2012 03:03 PM
tcpdump shows packages even if iptables policy is set to DROP paliga Linux - Networking 7 06-05-2011 12:37 PM
iptables rule similar to tcpdump -s0 -w irish_rover Linux - Security 3 02-23-2010 08:42 PM
Iptables and tcpdump question cli_man Linux - Networking 1 05-11-2004 08:01 PM
tcpdump and iptables alpha-wolf Linux - Networking 0 08-15-2001 10:31 AM


All times are GMT -5. The time now is 02:22 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration