Re: netfilter hook questions

From: Mulyadi Santosa
Date: Thu Mar 01 2007 - 00:19:45 EST

the problem is that with a active RTP flow arriving to the box (tcpdump
can see it) my function doesn't get any packet.

however, when the same box that is capturing also participates in the
RTP flow, it's received correctly in the hook.

so, why is not working the promiscuous mode? i'm missing something?
I am just adding another "suspect" here. The tcpdump (which is using libpcap) might be operating at layer 2 (data link?), while netfilter operates in layer 3. Since this is just "sniffing", layer 2 of Linux network stack quickly revealed that this packet is not actually for your machine, so it it dropped.

Maybe, you can observe the code from program like Dug Song's dsniff and see how it did the monitoring or even packet interception.



To unsubscribe from this list: send the line "unsubscribe linux-net" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at