Thanks for the test...I compiled my own (2.4.18) kernel and have been having
problems (General Intelligence Failure) with getting the kernel to support
iptables. I was mostly wondering if my current set of iptables rules on my
other computer would affect its capturing. But either way, this is a very
good thing to know. Thanks for your help!
-Rick Farina
----- Original Message -----
From: "Gerald Combs" <gerald@xxxxxxxxxxxx>
To: "Rick Farina" <farinard@xxxxxxxxxx>
Cc: <ethereal-users@xxxxxxxxxxxx>
Sent: Sunday, April 07, 2002 20:24
Subject: Re: [Ethereal-Users] sniffing theory
On Sun, 7 Apr 2002, Rick Farina wrote:
> I have a really odd question. If I am using linux, and block ALL outgoing
> AND incoming traffic with iptables, can I still sniff? I would assume not,
> but promisc does have some odd features. If this would work, is there a
> disadvantage to this?
As a quick test I ran "iptables -A INPUT -j DROP" and "iptables -A OUTPUT
-j DROP" on a stock RH 7.2 machine (kernel version 2.4.9). I was able to
capture without any problems. However, I haven't found any documentation
that states that this is the case for all 2.4 kernels.
What are you trying to accomplish by blocking all traffic? If you want to
sniff on an interface that's invisible to the local network, you might try
bringing your interface up without an IP address. You should still be
able to see traffic without having to worry about iptables intercepting
anything.
> Thanks
>
> -Rick Farina
>
>
> "a false sense of security, is worse than insecurity" -Steve Gibson
>
>
> _______________________________________________
> Ethereal-users mailing list
> Ethereal-users@xxxxxxxxxxxx
> http://www.ethereal.com/mailman/listinfo/ethereal-users
>
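The setup suggested in the reply above (an interface that is up but has no IP address), as an added example that is not part of the original thread. The interface name and the sample `ip` output are constructed, and the IPv6 and ARP steps are additions that assume a current Linux system with iproute2.

```shell
#!/bin/sh
# Added example: prepare a capture-only interface that carries no IP address,
# then verify it. Run as root: ./capture-iface.sh --apply IFACE

# Print every address found in `ip -o addr show` output read from stdin.
# Prints nothing when the interface is address-free.
list_addresses() {
    awk '$3 == "inet" || $3 == "inet6" { print $4 }'
}

# Succeed only if the `ip -o addr show` output on stdin lists no addresses.
is_address_free() {
    [ -z "$(list_addresses)" ]
}

# Bring the interface up with no addresses assigned (requires root).
setup_capture_iface() {
    iface=$1
    # Keep the kernel from auto-assigning an IPv6 link-local address on "up";
    # the failure is ignored on kernels built without IPv6.
    sysctl -q -w "net.ipv6.conf.${iface}.disable_ipv6=1" 2>/dev/null || true
    ip addr flush dev "$iface"          # drop any configured addresses
    ip link set dev "$iface" arp off    # neither send nor answer ARP
    ip link set dev "$iface" up
    if ip -o addr show dev "$iface" | is_address_free; then
        echo "$iface is up with no address; start the capture on it"
    else
        echo "$iface still has: $(ip -o addr show dev "$iface" | list_addresses)" >&2
        return 1
    fi
}

# Constructed sample of `ip -o addr show dev eth1` for an interface that
# still has an IPv4 address and an IPv6 link-local address.
SAMPLE_WITH_ADDR='3: eth1    inet 192.0.2.10/24 brd 192.0.2.255 scope global eth1\       valid_lft forever preferred_lft forever
3: eth1    inet6 fe80::5054:ff:fe12:3456/64 scope link \       valid_lft forever preferred_lft forever'

if [ "${1:-}" = "--apply" ]; then
    setup_capture_iface "${2:?usage: $0 --apply IFACE}"
fi
```

The address check matters because bringing a link up on a modern kernel can add a link-local IPv6 address even when no IPv4 address is configured.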