If one doesn't already exist, I imagine you could write an iptables module that hooks on the INPUT chain to redirect packets.Hi All!
Does any one know if it is possible to copy all incoming packets on an ethernet interface to another interface without any other processing of the packets?
What I'm trying to do is that I want to use libpcap to capture all incoming traffic on an interface, while still be able to send out packets on that interface without them to be recevied by pcap.Why don't you just use a capture filter for tcpdump? If you want to capture all incomming tracffic with tcpdump, but not capture any frames sent out on that interface, do this:
So I thought that I should set up a tap0 interface and use iptables to copy all traffic incoming on eth0 to tap0 and then I can use pcap on the tap0 interface, while sending raw frames on eth0.
Do I make any sense? Ideas anyone?
tcpdump -i <ifname> -w <capfile> "dst host <ip> || ether broadcast || ether multicast"
That will capture all frames bound for <ip>, where ip is the ip address of the interface you are capturing on, including any broadcast or multicast ethernet frames.
Neil
/Örjan Gustavsson
- : send the line "unsubscribe linux-net" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
-- /*************************************************** *Neil Horman *Software Engineer *Red Hat, Inc. *nhorman@xxxxxxxxxx *gpg keyid: 1024D / 0x92A74FA1 *http://pgp.mit.edu ***************************************************/ - : send the line "unsubscribe linux-net" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
