Hi, I am working on IDS and I am trying to use netfilter conntrack on promiscuous mode. I want to track status of connections not intended for localhost. I have been using Sebastian Zander's patch web:http://www.fokus.gmd.de/research/cc/glone/employees/sebastian.zander/private/netfilter.html patch:netfilter-prom-patch.tgz Sebastian's mail:zander@xxxxxxxxxxxx It adds a new table called meter that handle promiscuous packages. It works, but I was not able to track connection status using conntrack. Could anybody advise me on this? I need to make a decission, keep trying or go to user space to mangle all this through libpcap as snort or ntop. thanks, txemi. -- ______________________________ < hola, soy una firma horrible > ------------------------------ \ ^__^ \ (oo)\_______ (__)\ )\/\ ||----w | || || mail: txemi <txemi2@xxxxxxxxxxxxx> web: http://txemi.webhop.org mirror: http://txemi2.webhop.org
