tcpdump not picking up traffic redirected by iptables


As you are rewriting the IP packet destination to one of the local host's addresses, it is not passed through the interface the address belongs to (lo in your case) but is simply handled by the stack directly. Thus, you cannot capture it by listening at the loopback interface. This would not be any different if you picked any physically present interface's address.

If you need to capture the conversation, I'd suggest using an appropriate filter expression. Something along the lines of

    # tcpdump uses only one -i option; "any" captures on all interfaces
    tcpdump -i any host 127.0.0.1 or port 3000

should do what you want.

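An added example, not part of the original answer, applying the explanation above to the rule from the question: it derives a capture command for the ingress interface, where packets pass the capture tap before the nat PREROUTING hook and so still carry the pre-DNAT port. It also prints the `route_localnet` sysctl that a 127.0.0.0/8 DNAT target depends on. The function names are hypothetical, and the rule is assumed to be a single well-formed line.

```sh
#!/bin/sh
# Added example, not from the original post. The sample rule is the one
# quoted in the question; the function names are hypothetical.
RULE='iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 80 -j DNAT --to-destination 127.0.0.1:3000'

# Split a DNAT rule into IN_IF, PROTO, DPORT, TO_ADDR, TO_PORT.
parse_dnat_rule() {
    IN_IF='' PROTO='' DPORT='' TO_ADDR='' TO_PORT=''
    set -f              # no glob expansion while word-splitting the rule
    set -- $1
    set +f
    while [ "$#" -ge 2 ]; do
        case $1 in
            -i) IN_IF=$2 ;;
            -p) PROTO=$2 ;;
            --dport) DPORT=$2 ;;
            --to-destination)
                TO_ADDR=${2%%:*}
                case $2 in *:*) TO_PORT=${2##*:} ;; esac ;;
        esac
        shift
    done
    [ -n "$IN_IF" ] && [ -n "$PROTO" ] && [ -n "$DPORT" ] && [ -n "$TO_ADDR" ]
}

# tcpdump command for the ingress interface. The capture tap there runs
# before the nat PREROUTING hook, so match the pre-DNAT port, not TO_PORT.
ingress_capture_cmd() {
    parse_dnat_rule "$1" || return 1
    printf "tcpdump -n -i %s -w output.dump '%s port %s'\n" "$IN_IF" "$PROTO" "$DPORT"
}

# Print the sysctl needed when the DNAT target is in 127.0.0.0/8; without
# it the kernel drops such packets arriving on a non-loopback interface.
loopback_target_sysctl() {
    parse_dnat_rule "$1" || return 1
    case $TO_ADDR in
        127.*) printf 'net.ipv4.conf.%s.route_localnet=1\n' "$IN_IF" ;;
        *) return 1 ;;
    esac
}

ingress_capture_cmd "$RULE"
loopback_target_sysctl "$RULE" || true
```

The filter `tcp port 80` also matches the replies, which leave eth1 with source port 80 after the NAT mapping is reversed.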

Author by

damerica

Updated on September 18, 2022

Comments

  • damerica over 1 year

    The following iptables rule is used to redirect all internet traffic coming in from eth1 to port 3000 at localhost (interface lo with IP 127.0.0.1):

    iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 80 -j DNAT --to-destination 127.0.0.1:3000
    

    Then tcpdump is set up to record all traffic at the lo interface:

    tcpdump -i lo -w output.dump
    

    However, after I sent some internet traffic (port 80) through eth1, this traffic is not recorded by tcpdump.

    I am not sure why this is so. Can someone please shed some light? Thanks.

  • damerica about 11 years
    Thanks for explaining. There also seems to be another problem with my query. I was redirecting from an external IP to localhost (127.0.0.1) and somehow this is not allowed by the Linux kernel. So after I switched the target IP from localhost to another address, the packet successfully reached there. However, tcpdump also did not pick up the arriving traffic, which further confirms what you wrote.