Will tcpdump see packets that are being dropped by iptables?
tcpdump uses libpcap and libpcap processes packets before they get processed by the firewall, so the answer is "yes".
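A way to check the answer above on a lab machine, as an added example that is not part of the original page: it loads the question's three rules inside a throwaway network namespace, captures there, and compares what tcpdump saw with the REJECT rule's packet counter. The namespace and veth names, the server address 192.168.16.1, the capture file path and the two sample lines are assumptions made for this example.

```sh
#!/bin/sh
# Added lab, not from the original page. Assumed names: namespace fwlab, veth-host,
# veth-lab, server address 192.168.16.1, and a 192.168.16.0/24 unused on this host.
NS=fwlab
CAP=/tmp/fwlab-cap.txt

# Constructed sample lines (not real captures) for checking the parsers offline.
SAMPLE_CAP='12:00:00.000001 IP 192.168.16.21.51234 > 192.168.16.1.6000: Flags [S], seq 1, win 64240, length 0'
SAMPLE_RULE='  1  60 REJECT  tcp  --  *  *  0.0.0.0/0  0.0.0.0/0  tcp dpt:6000 reject-with icmp-port-unreachable'

# Count packets in `tcpdump -n` text on stdin whose source address is $1.
captured_from() {
    awk -v src="$1" '$2 == "IP" && index($3, src ".") == 1 { n++ } END { print n + 0 }'
}

# Sum the packet counters of REJECT rules for dpt:6000 in `iptables -nvxL INPUT` text.
rejected_pkts() {
    awk '$3 == "REJECT" && /dpt:6000/ { n += $1 } END { print n + 0 }'
}

# Live run (needs root, iproute2, iptables, tcpdump, nc): sh fwlab.sh run
run_lab() {
    ip netns add "$NS"
    ip link add veth-host type veth peer name veth-lab
    ip link set veth-lab netns "$NS"
    ip addr add 192.168.16.21/24 dev veth-host
    ip link set veth-host up
    ip netns exec "$NS" sh -c '
        ip addr add 192.168.16.1/24 dev veth-lab && ip link set veth-lab up
        iptables -A INPUT -p tcp -s 127.0.0.1/32 --dport 6000 -j ACCEPT
        iptables -A INPUT -p tcp -s 192.168.16.20/32 --dport 6000 -j ACCEPT
        iptables -A INPUT -p tcp --dport 6000 -j REJECT'
    # Capture inside the namespace, i.e. on the firewalled side's own interface.
    ip netns exec "$NS" timeout 5 tcpdump -n -l -i veth-lab 'tcp dst port 6000' >"$CAP" 2>/dev/null &
    sleep 1
    nc -z -w 1 192.168.16.1 6000 || true    # expected to fail: the SYN is rejected
    wait
    echo "tcpdump saw:    $(captured_from 192.168.16.21 <"$CAP") packet(s) from 192.168.16.21"
    echo "REJECT counted: $(ip netns exec "$NS" iptables -nvxL INPUT | rejected_pkts) packet(s)"
    ip netns del "$NS"    # also removes the veth pair
}

case "${1:-}" in run) run_lab ;; esac
```

A run in which both counts are nonzero shows that the SYN reached the capture point and was then rejected by the INPUT chain.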
Author: maths
Updated on September 17, 2022
Comments
- maths almost 2 years
  I have a firewall with these simple rules:
  iptables -A INPUT -p tcp -s 127.0.0.1/32 --dport 6000 -j ACCEPT
  iptables -A INPUT -p tcp -s 192.168.16.20/32 --dport 6000 -j ACCEPT
  iptables -A INPUT -p tcp --dport 6000 -j REJECT
  Now, suppose I am using TCPDUMP like this:
  tcpdump port 6000
  And I have host 192.168.16.21 trying to connect to port 6000. Will/should tcpdump output some packets coming from 192.168.16.21?
- rmmoul about 7 years
  This is only partially true. tcpdump will see inbound traffic before iptables, but will see outbound traffic only after the firewall has processed it. See superuser.com/q/925286/18898
- 23r23f23q over 2 years
  So is there a way to drop incoming packets from a specific IP so that even tcpdump won't see them?