Tcpdump/Iptables on bridge interface without assigned IP address
If you can ping, there is traffic on your bridged interface. You can watch the traffic using the appropriate options of tcpdump:
tcpdump -elnXXi br0
In the same way, you can filter this traffic with iptables, taking into account that it only operates at the IP layer. You would need ebtables if you need to filter traffic on layer 2 (Ethernet).
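The capture-and-filter procedure above, written out as an added example (not code from the answer or the poster). It assumes a bridge named br0 with ports tap0 and tap1 and a host with tcpdump, brctl, ebtables and iptables installed; with the default DRY_RUN=1 it prints the privileged commands instead of running them. One caveat the answer leaves implicit: iptables only sees bridged frames when the br_netfilter module is loaded and bridge-nf-call-iptables is 1, which the script checks before offering an iptables rule.

```shell
#!/bin/sh
# Added example, not from the original page. Assumed names: bridge br0,
# ports tap0 and tap1. DRY_RUN=1 (default) prints each privileged command
# instead of executing it; DRY_RUN=0 requires root.
BRIDGE="${BRIDGE:-br0}"
PORTS="${PORTS:-tap0 tap1}"
DRY_RUN="${DRY_RUN:-1}"

# Print the command in dry-run mode, otherwise execute it.
run() {
    if [ "$DRY_RUN" = 1 ]; then printf '%s\n' "$*"; else "$@"; fi
}

# tcpdump invocation for one interface: -e prints the Ethernet header (the
# only addresses an IP-less bridge has), -l line-buffers, -n skips DNS
# lookups, -XX hex-dumps each frame including the link-layer header.
capture_cmd() {
    printf 'tcpdump -elnXX -i %s' "$1"
}

# Bridged frames reach iptables only when br_netfilter is loaded and
# bridge-nf-call-iptables is 1; the sysctl file does not exist otherwise.
iptables_sees_bridge() {
    f=/proc/sys/net/bridge/bridge-nf-call-iptables
    [ -r "$f" ] && [ "$(cat "$f")" = 1 ]
}

# Layer-2 filter: drop every frame forwarded from port $1 to port $2.
# Works whether or not the bridge has an IP address.
ebtables_block_cmd() {
    printf 'ebtables -A FORWARD -i %s -o %s -j DROP' "$1" "$2"
}

# Layer-3 filter for the same direction (ICMP only). The physdev match
# names the bridge ports; it only has an effect when iptables_sees_bridge.
iptables_block_cmd() {
    printf 'iptables -A FORWARD -m physdev --physdev-in %s --physdev-out %s -p icmp -j DROP' "$1" "$2"
}

main() {
    # 1. Confirm the bridge really has both ports before blaming tcpdump.
    run brctl show "$BRIDGE"
    # 2. Capture on the bridge itself and on each member port, so the two
    #    views can be compared.
    run $(capture_cmd "$BRIDGE")
    for p in $PORTS; do run $(capture_cmd "$p"); done
    # 3. Filter: ebtables at layer 2 always works; iptables only if the
    #    kernel passes bridged frames to it.
    set -- $PORTS
    run $(ebtables_block_cmd "$1" "$2")
    if iptables_sees_bridge; then
        run $(iptables_block_cmd "$1" "$2")
    else
        echo "bridge-nf-call-iptables is not 1: iptables will not see bridged frames, use ebtables" >&2
    fi
}

main "$@"
```

Run it as-is to review the commands; set DRY_RUN=0 and run as root to apply them, bearing in mind that each tcpdump line then blocks until interrupted, so in practice you would run the captures in separate terminals.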
ByteFlinger
Updated on September 18, 2022

Comments
-
ByteFlinger over 1 year
I have set up a bridge interface without an IP on it.
$ brctl addbr br0
$ brctl addif br0 tap0
$ brctl addif br0 tap1
$ ifconfig br0 up
As seen above, this bridge connects two TAP interfaces set up through OpenVPN.
I am able to ping and send traffic between the two TAP interfaces without any problems; however, whenever I try to tcpdump the bridge interface I cannot see any traffic going through.
Is this because the bridge interface has no IP assigned to it? Is there any way around it so one can see the traffic (and potentially block it through iptables or something like it) on the bridge interface without having to assign an IP to the bridge interface?
-
Xavier Lucas almost 9 years
Edit your post with the exact ping command you are using, the interface IPs and the existing routes.
-
suprjami almost 9 years
I don't know if this is helpful, but a bridge interface will only see traffic one way in a packet capture. You would be better off performing a packet capture on the bridge port interfaces, i.e. tap0 and tap1.
-
ByteFlinger almost 9 years
Tried it but still no traffic shown.
-
philippe almost 9 years
What does the brctl show command return?
-
ByteFlinger almost 9 years
Turns out I was wrong: because I was working in containers, the traffic was actually going outside the VPN. It worked as expected. Thank you.