Re: capturing before/after firewall in Linux

[Jaap Keuter <jaap.keuter () xs4all nl>]

Hi,

I think you should look into ulogd. ulogd is a userspace logging daemon for 
netfilter/iptables related logging. 
(http://www.netfilter.org/projects/ulogd/index.html). Using the 
ulogd_output_PCAP.so plugin you can have it write pcap files.

Thanks,
Jaap


On 12/28/2012 06:58 PM, kapetr wrote:
> Hello,
>
> I run Wireshark in Ubuntu 12.04.1 64b
>
> If I see it correct - wireshark shows all incoming packet - even these, which are dropped by firewall (iptables).
>
> 1. is this so ?
>
> 2. by outgoing packets I expect it will be reversed: wireshark will not show packets dropped by FW  ?
>
> [in other words: wireshark is bite between FW and NIC driver ?]
>
> 3. Is there a way to show in Wireshark ALL in/out packets AND mark (colorize) packets which are/will-be dropped by FW ?
>
> [Wireshark would have to monitor also packets between FW and higher layer of system]
>
> Thanks --kapetr

___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
            mailto:wireshark-users-request () wireshark org?subject=unsubscribe