Advanced
Mailing List Archive

Mailing List Archive

  1. Home >
  2. Linux Virtual Server>
  3. Users
debugging transparent proxy with tcpdump
mack.joseph at epa
Mar 16, 2001, 12:42 PM
Post #1 of 2 (328 views)
Permalink
I'm looking at packets after they've been accepted by TP
and I'm using (among other things) tcpdump.

Where in the netfilter chain does tcpdump look at incoming
and outgoing packets? When they are put on/received from
the wire? After the INPUT, before the OUTPUT chain...?

Anyone know?

Thanks Joe

--
Joseph Mack PhD, Senior Systems Engineer, Lockheed Martin
contractor to the National Environmental Supercomputer Center,
mailto:mack.joseph@epa.gov ph# 919-541-0007, RTP, NC, USA
Re: debugging transparent proxy with tcpdump [ In reply to ]
ja at ssi
Mar 17, 2001, 2:24 AM
Post #2 of 2 (325 views)
Permalink
Hello,

On Fri, 16 Mar 2001, Joseph Mack wrote:

> I'm looking at packets after they've been accepted by TP
> and I'm using (among other things) tcpdump.
>
> Where in the netfilter chain does tcpdump look at incoming
> and outgoing packets? When they are put on/received from
> the wire? After the INPUT, before the OUTPUT chain...?

Before/after any netfilter chains. Such programs hook at
packet level before/after the IP stack just before/after the packet
is received/must be sent from/by the device. They work and for
other protocols. The tcpdump is a packet receiver just like the
IP stack is such one in the network stack.

> Anyone know?
>
> Thanks Joe


Regards

--
Julian Anastasov <ja@ssi.bg>

©2024 GT.net. A Gossamer Threads company.
5th Floor, 455 Granville St., Vancouver, BC V6C 1T1, Canada | Legal