Wireshark mailing list archives
Re: capturing before/after firewall in Linux
From: Jaap Keuter <jaap.keuter () xs4all nl>
Date: Sat, 29 Dec 2012 17:44:35 +0100
Hi,

I think you should look into ulogd. ulogd is a userspace logging daemon for netfilter/iptables related logging (http://www.netfilter.org/projects/ulogd/index.html). Using the ulogd_output_PCAP.so plugin you can have it write pcap files.

Thanks,
Jaap

On 12/28/2012 06:58 PM, kapetr wrote:
> Hello,
>
> I run Wireshark in Ubuntu 12.04.1 64b.
>
> If I see it correct - wireshark shows all incoming packet - even these, which are dropped by firewall (iptables).
>
> 1. is this so ?
> 2. by outgoing packets I expect it will be reversed: wireshark will not show packets dropped by FW ? [in other words: wireshark is bite between FW and NIC driver ?]
> 3. Is there a way to show in Wireshark ALL in/out packets AND mark (colorize) packets which are/will-be dropped by FW ? [Wireshark would have to monitor also packets between FW and higher layer of system]
>
> Thanks
> --kapetr
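
A sketch of the ulogd setup suggested in the reply, added here as an illustration and not part of the original messages. It assumes ulogd 2.x fed by the iptables NFLOG target; the plugin directory, group numbers, instance names and output file names are assumptions to adapt to the local system.

```ini
# Constructed example for ulogd 2.x; plugin paths, group numbers and file
# names are assumptions, adjust them to your distribution.
#
# Matching netfilter rules (run as root):
#   every inbound packet, before the filter table sees it:
#     iptables -t raw -A PREROUTING -j NFLOG --nflog-group 1
#   packets about to be dropped (place directly before the DROP rule, or
#   last in the chain when the chain policy is DROP):
#     iptables -A INPUT -j NFLOG --nflog-group 2 --nflog-prefix "fw-drop"

[global]
logfile="/var/log/ulogd.log"
plugin="/usr/lib/ulogd/ulogd_inppkt_NFLOG.so"
plugin="/usr/lib/ulogd/ulogd_raw2packet_BASE.so"
plugin="/usr/lib/ulogd/ulogd_output_PCAP.so"

# One stack per NFLOG group, each ending in its own PCAP writer.
stack=pre:NFLOG,base1:BASE,pcap_pre:PCAP
stack=drop:NFLOG,base2:BASE,pcap_drop:PCAP

[pre]
group=1

[drop]
group=2

[pcap_pre]
file="/var/log/ulogd-pre-firewall.pcap"
sync=1

[pcap_drop]
file="/var/log/ulogd-dropped.pcap"
sync=1
```

Both files open directly in Wireshark; a packet that appears in the second file was logged on its way to the DROP rule.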