I am using iptables on my system. It is very basic setup that denies all outside connections. When an outside connection is attempted, the packet is dropped and logged into the syslog. When I run tcpdump on the same interface, I do see a lot of ARP requests and bootps/bootpc (UDP) requests. Why are these attempts not logged into syslog?
Is it because ARP requests are a lower level protocol?
Another question is, when a legitimate packet is allowed and climbing the TCP/IP stack, who (iptables or tcpdump) gets to see the packet first?
On Sat, Jun 21, 2003 at 04:31:30PM -0400, Subba Rao wrote:
GLUG Meeting on 13th July, 4pm at KReSIT, IIT Campusm, Powai.
I am using iptables on my system. It is very basic setup that denies all outside connections. When an outside connection is attempted, the packet is dropped and logged into the syslog. When I run tcpdump on the same interface, I do see a lot of ARP requests and bootps/bootpc (UDP) requests. Why are these attempts not logged into syslog?
Is it because ARP requests are a lower level protocol?
Yes
Another question is, when a legitimate packet is allowed and climbing the TCP/IP stack, who (iptables or tcpdump) gets to see the packet first?
tcpdump
-- Subba Rao subba9@cablespeed.com
Old American Wild West saying: God created men but Colt made them equal. Today: Linus created Linux and Linux made IT companies equal.