On Thu, 2004-09-02 at 13:56, CC wrote: > Hi, > > I think I've asked this before here, but I > don't remember what the answer was. > > If I have iptables running and I do a > tcpdump -i eth0, at what point is > tcpdump listening to the connection? tcpdump operates at the BPF layer, which is below netfilter. if the the inbound interface is eth0; packets that will eventually be dropped by netfilter will be captured by tcpdump. if you're trying to see whether packets make it *through* the firewall--tcpdump on the exiting interface. -j -- Jason Opperisano <opie@xxxxxxxxxxx>
