I've actually done exactly what you want. You can use a combo of the INPUT chain and OUTPUT chain (assuming you also want to change the outbound traffic as well). The iptables module works. The tcpdump thing will work as well. :) -----Original Message----- From: linux-net-owner@xxxxxxxxxxxxxxx [mailto:linux-net-owner@xxxxxxxxxxxxxxx] On Behalf Of Neil Horman Sent: Wednesday, January 26, 2005 6:52 AM To: Örjan Gustavsson Cc: linux-net@xxxxxxxxxxxxxxx Subject: Re: packet copy/forward with iptables Örjan Gustavsson wrote: > Hi All! > > Does any one know if it is possible to copy all incoming packets on an > ethernet interface to another interface without any other processing of > the packets? > If one doesn't already exist, I imagine you could write an iptables module that hooks on the INPUT chain to redirect packets. > What I'm trying to do is that I want to use libpcap to capture all > incoming traffic on an interface, while still be able to send out > packets on that interface without them to be recevied by pcap. > > So I thought that I should set up a tap0 interface and use iptables to > copy all traffic incoming on eth0 to tap0 and then I can use pcap on the > tap0 interface, while sending raw frames on eth0. > > Do I make any sense? > Ideas anyone? > Why don't you just use a capture filter for tcpdump? If you want to capture all incomming tracffic with tcpdump, but not capture any frames sent out on that interface, do this: tcpdump -i <ifname> -w <capfile> "dst host <ip> || ether broadcast || ether multicast" That will capture all frames bound for <ip>, where ip is the ip address of the interface you are capturing on, including any broadcast or multicast ethernet frames. Neil > /Örjan Gustavsson > > - > : send the line "unsubscribe linux-net" in > the body of a message to majordomo@xxxxxxxxxxxxxxx > More majordomo info at http://vger.kernel.org/majordomo-info.html -- /*************************************************** *Neil Horman *Software Engineer *Red Hat, Inc. *nhorman@xxxxxxxxxx *gpg keyid: 1024D / 0x92A74FA1 *http://pgp.mit.edu ***************************************************/ - : send the line "unsubscribe linux-net" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html - : send the line "unsubscribe linux-net" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
