Re: tcpdump and iptables ..

On Sat 06/03/2004 at 19:12, Antony Stone wrote:
> tcpdump sees ethernet frames, 
> IPX and similar traffic which are not even IP based, as well as completely 
> different media types such as 802.11b headers.   All this gets stripped off 
> before reaching netfilter (with the exception of MAC addresses, but even 
> there, netfilter can't tell whether a packet arrived by ethernet or 802.11).

Just a notice about 802.11 stuff.

The way tcpdump will see traffic coming from a wireless link depends on
the wifi interface state. If the interface is in normal operation mode
(managed, ad-hoc or master), it will see frames as usual ethernet ones,
just as if it were sniffing a wired link. If the interface is in monitor
mode, then it will see the frames with full 802.11 header.

BTW, I can confirm tcpdump will see outgoing traffic as it is after
POSTROUTING chain, and incoming one as it is before PREROUTING. I've
just checked playing with TTL on pings.

-- 
http://www.netexit.com/~sid/
PGP KeyID: 157E98EE FingerPrint: FA62226DA9E72FA8AECAA240008B480E157E98EE
>> Hi! I'm your friendly neighbourhood signature virus.
>> Copy me to your signature file and help me spread!
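
The framing a capture was taken with is recorded in the link-type field of the pcap file header, so a saved capture can be checked for whether it holds Ethernet-style frames or full 802.11 headers. The following is an added example, not part of the original message: the function name and the two sample headers are constructed for illustration, and only the classic pcap format (not pcapng) is handled.

```python
import struct

# Link-layer type codes used in the pcap file header (LINKTYPE_* values).
LINKTYPES = {
    1: ("EN10MB", False),             # Ethernet framing (wired, or wifi in managed/ad-hoc/master mode)
    105: ("IEEE802_11", True),        # raw 802.11 header (monitor mode)
    119: ("PRISM_HEADER", True),      # Prism header followed by 802.11
    127: ("IEEE802_11_RADIO", True),  # radiotap header followed by 802.11
}

# First four bytes of the file -> (struct byte order, timestamp resolution).
MAGICS = {
    b"\xd4\xc3\xb2\xa1": ("<", "microsecond"),
    b"\xa1\xb2\xc3\xd4": (">", "microsecond"),
    b"\x4d\x3c\xb2\xa1": ("<", "nanosecond"),
    b"\xa1\xb2\x3c\x4d": (">", "nanosecond"),
}


def pcap_link_info(header: bytes) -> dict:
    """Parse the 24-byte classic pcap global header and describe its framing."""
    if len(header) < 24:
        raise ValueError("pcap global header is 24 bytes; input is truncated")
    magic = header[:4]
    if magic not in MAGICS:
        raise ValueError("not a classic pcap file (pcapng or other format)")
    order, resolution = MAGICS[magic]
    major, minor, _tz, _sigfigs, snaplen, network = struct.unpack(
        order + "HHiIII", header[4:24])
    linktype = network & 0xFFFF  # low 16 bits carry the link type
    name, has_80211 = LINKTYPES.get(linktype, ("UNKNOWN", False))
    return {
        "version": (major, minor),
        "resolution": resolution,
        "snaplen": snaplen,
        "linktype": linktype,
        "name": name,
        "full_80211_header": has_80211,
    }


# Constructed sample headers (not taken from a real capture).
MANAGED_SAMPLE = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
MONITOR_SAMPLE = struct.pack(">IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 127)

if __name__ == "__main__":
    for label, sample in (("managed", MANAGED_SAMPLE), ("monitor", MONITOR_SAMPLE)):
        print(label, pcap_link_info(sample))
```

For a real file, pass the first 24 bytes read in binary mode, e.g. `pcap_link_info(open(path, "rb").read(24))`.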


