RE: Logging the whole packet


 



On Wed, 2004-11-24 at 06:03, israel Gold wrote:
> Jason Opperisano wrote:
> 
> >> AFAIK, the normal LOG target cannot actually do this.  instead, use
> >> the ULOG target which will copy the entire packet to the
> >> userspace ulogd daemon where you can use the ulogd_PCAP.so plugin to
> >> create a tcpdump file of the packets you are interested in.
> 
> I also would like to log the packet data. In fact, I would like to
> monitor NFS Write calls.
> However, using ULOG and copying all packets to user space is time
> consuming. 
> I have no interest in Read calls which is most of the traffic.
> Does iptables provide a tool for filtering packets by looking at the data?
> 
> Thanks,
> Israel   

iptables is a firewall; not a high performance packet capturing tool.

you guys ever heard of tcpdump?  snort?

-j

--
"They think they're so high and mighty, just because they never got
 caught driving without pants."
	--The Simpsons


