
BLU Discuss list archive



tcpdump and iptables



Derek Martin wrote:

> When a frame comes into an interface, the kernel (e.g. the iptables
> filters) sees it first before any userland processes can muck with it.

Are you certain about that?  I thought that tcpdump violated the usual
course of stack processing, and got a copy of every packet to be received
by the listening interface before they got placed onto the IP stack, 
and that was why tcpdump needed to be executed with setuid as root, and
the packet socket option compiled into the kernel.  The support 
documentation clearly states that tcpdump communicates directly with
the network device.

Hunter





BLU is a member of BostonUserGroups
We also thank MIT for the use of their facilities.




Boston Linux & Unix / webmaster@blu.org