Re: Capturing external packets sent to loopback (FreeBSD) ?

[Ray Bellis via tcpdump-workers <tcpdump-workers () lists tcpdump org>]

> --- Begin Message ---
>
>
> From: Ray Bellis <ray () bellis me uk>
>
> Date: Mon, 24 Feb 2020 17:53:43 +0000
>
> On 24/02/2020 17:42, Guy Harris wrote:
>
> > What do you mean by "loopback" here?  The term "loopback interface"
> > generally means "fake interface that sends packets from the machine
> > to itself" on UN*Xes, e.g. the lo0 interface on most UN*Xes or just
> > lo on Linux.  Is that the type of interface on which you're
> > capturing?
>
> It is, but it's also the type of interface typically used when you want
> to announce a (potentially multi-homed) service address (e.g. via an
> IGP) that is not directly on a physical interface.
>
> > ...why would packets be delivered on the loopback interface if they
> > arrived on a physical interface?
>
> That depends on what you mean by "delivered".
>
> The daemon is only listening on that single IP address, which is itself
> only present on the loopback address.
>
> The kernel even has a routing table entry for that address, with the
> correct loopback interface specified as the destination.
>
> What appears to be missing is any way to tell the kernel to send a
> packet that's in transit between the outside and that virtual "inside"
> interface out to the BPF system.
>
> You *can* sniff packets that a machine "sends to itself", though.
>
> cheers,
>
> Ray
>
> --- End Message ---
_______________________________________________
tcpdump-workers mailing list
tcpdump-workers () lists tcpdump org
https://lists.sandelman.ca/mailman/listinfo/tcpdump-workers