Re: packet copy/forward with iptables

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Neil Horman wrote: 
Örjan Gustavsson wrote:

Hi All!

Does any one know if it is possible to copy all incoming packets on an ethernet interface to another interface without any other processing of the packets?

If one doesn't already exist, I imagine you could write an iptables module that hooks on the INPUT chain to redirect packets. 

I was hoping to not having to do that... I'm a bit short of time. :)


What I'm trying to do is that I want to use libpcap to capture all incoming traffic on an interface, while still be able to send out packets on that interface without them to be recevied by pcap.

So I thought that I should set up a tap0 interface and use iptables to copy all traffic incoming on eth0 to tap0 and then I can use pcap on the tap0 interface, while sending raw frames on eth0.

Do I make any sense?
Ideas anyone?

Why don't you just use a capture filter for tcpdump? If you want to capture all incomming tracffic with tcpdump, but not capture any frames sent out on that interface, do this:
tcpdump -i <ifname> -w <capfile> "dst host <ip> || ether broadcast || ether multicast"

I need to capture ALL packets even if they are addressed to strange addresses. :)

We will use this to feed a chip simulator that simulates our gigabit ethernet switch chip. So I need to be able to get all kind of strange packets into it.

The simulator will also generate packets wich I need to transmit out on the interface, and I don't want to get those packets back from pcap again...

That is why I came up with the idea of using a 'shadow' device like a tap device and copy all incoming packets to that interface, while sending on the 'real' interface.


That will capture all frames bound for <ip>, where ip is the ip address of the interface you are capturing on, including any broadcast or multicast ethernet frames.
Neil

/Örjan Gustavsson

-
: send the line "unsubscribe linux-net" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html





/Örjan

-
: send the line "unsubscribe linux-net" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
[Index of Archives]     [Netdev]     [Ethernet Bridging]     [Linux 802.1Q VLAN]     [Linux Wireless]     [Kernel Newbies]     [Security]     [Linux for Hams]     [Netfilter]     [Git]     [Bugtraq]     [Yosemite News and Information]     [MIPS Linux]     [ARM Linux]     [Linux RAID]     [Linux PCI]     [Linux Admin]     [Samba]

  Powered by Linux