Re: netfilter machine in between 2 servers

On Sunday 14 March 2004 7:47 pm, Sandy C wrote:

> --- Antony Stone wrote:
>
> > Besides, why do you want netfilter to do your logging, if you can run
> > ethereal?   You get a lot more information out of ethereal, and it can
> > show you the protocols in a much more meaningful manner.
>
> I really need something that can do a little bit of
> both.  I need to be able to sniff the packets (ala
> ethereal), and if they are of a certain type, I need
> to take some action on them (ala netfilter). I'd prefer
> not to do any routing.
>
> Now you've spelled it out though, it's not clear to me
> if it's possible.

Think of the setup like this:

One machine (client or server) sends a packet to the other, and that packet 
also gets picked up by the sniffer.

It's too late then to think about doing any filtering, or other action to 
change the packet, because by the time the sniffer has seen it, so has the 
machine it was addressed to (server or client).

I hope this explains why you cannot possibly do what you wanted.

Regards,

Antony.

-- 
People who use Microsoft software should be certified.

                                                     Please reply to the list;
                                                           please don't CC me.


