Re: Packet capturing, iptables and eth0 vs. dummy0

[Martin Josefsson]

On Wed, 2004-11-17 at 21:30, DervishD wrote:
>     Hi all :)
> 
>     I've noticed that, no matter what filtering is iptables doing,
> tcpdump gets all packets from interface eth0 as seen in the bus, but
> doesn't do the same in dummy0. I'll explain it further...

[snip]

>     If I do exactly the same from the machine running tcpdump and the
> filter, I cannot connect (without the filter I can), but no output
> comes from tcpdump, which is exactly what I expected in the case
> explained in the paragraph above.
> 
>     Is is normal? Is normal that tcpdump shows packets before they
> enter the filter when the interface is a real one (eth0) but no when
> you access through a dummy interface or localhost, or am I missing
> anything?

Try sniffing on the 'lo' interface instead of 'dummy0' since all packets
generated by the local machine destined for the local machine goes via
the ´lo' interface. ipaddresses looks like they belong to interfaces but
that's not the case with linux, they belong to the machine.

'ip route list table local'

All packets destined for entries marked as "local" will go through the
'lo' interface. 

-- 
/Martin

Attachment: signature.asc
Description: This is a digitally signed message part