I am using iptables on my system. It is a very basic setup that denies all outside connections. When an outside connection is attempted, the packet is dropped and logged into the syslog. When I run tcpdump on the same interface, I do see a lot of ARP requests and bootps/bootpc (UDP) requests. Why are these attempts not logged into syslog?
Is it because ARP requests are a lower-level protocol?
Another question is, when a legitimate packet is allowed and climbing the TCP/IP stack, who (iptables or tcpdump) gets to see the packet first?