Hi, I am working on IDS and I am trying to use netfilter conntrack on promiscuous mode. I want to track status of connections not intended for localhost. I have been using Sebastian Zander's patch web:http://www.fokus.gmd.de/research/cc/glone/employees/sebastian.zander/private/ne tfilter.html patch:netfilter-prom-patch.tgz Sebastian's mail:zander@xxxxxxxxxxxx It adds a new table called meter that handle promiscuous packages. It works, but I was not able to track connection status using conntrack. Could anybody advise me on this? I need to make a decission, keep trying or go to user space to mangle all this through libpcap as snort or ntop. thanks, txemi. email: txemi2@xxxxxxxxxxxxx web: http://txemi.webhop.org
