RE: Logging the whole packet

Jason, you are correct.
I am looking for a tool that is capable of real-time protocol analysis
and content matching. SNORT seems to be more appropriate.
Thank you for the tip.
Israel.


-----Original Message-----
From: netfilter-bounces@xxxxxxxxxxxxxxxxxxx
[mailto:netfilter-bounces@xxxxxxxxxxxxxxxxxxx] On Behalf Of Jason
Opperisano
Sent: Wednesday, November 24, 2004 4:59 PM
To: netfilter@xxxxxxxxxxxxxxxxxxx
Subject: RE: Logging the whole packet


On Wed, 2004-11-24 at 06:03, israel Gold wrote:
> Jason Opperisano wrote:
> 
> >>AFAIK, the normal LOG target cannot actually do this.  instead, use the
> >>ULOG target which will copy the entire packet to the userspace ulogd
> >>daemon where you can use the ulogd_PCAP.so plugin to create a tcpdump
> >>file of the packets you are interested in.
> 
> I also would like to log the packet data. In fact, I would like to 
> monitor NFS Write calls. However, using ULOG and copying all packets 
> to user space is time consuming.
> I have no interest in Read calls which is most of the traffic.
> Does iptables provide a tool for filtering packets by looking at the data?
> 
> Thanks,
> Israel   

iptables is a firewall; not a high performance packet capturing tool.

you guys ever heard of tcpdump?  snort?

-j

--
"They think they're so high and mighty, just because they never got
caught driving without pants."
	--The Simpsons
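
Added example, not part of the original thread: the content matching asked about above (picking NFS WRITE calls out of captured traffic) done in userspace over a reassembled TCP payload, for instance one read back from a capture file. It assumes NFS over TCP with ONC RPC record marking; the function names and the sample stream are constructed for illustration.

```python
import struct

NFS_PROGRAM = 100003        # ONC RPC program number assigned to NFS
WRITE_PROC = {2: 8, 3: 7}   # WRITE procedure number for NFSv2 and NFSv3
RPC_CALL = 0                # msg_type of a call (1 is a reply)

def rpc_records(stream: bytes):
    """Yield complete RPC messages from a TCP byte stream (record marking)."""
    off, buf = 0, b""
    while off + 4 <= len(stream):
        (mark,) = struct.unpack_from(">I", stream, off)
        length = mark & 0x7FFFFFFF          # low 31 bits: fragment length
        off += 4
        if off + length > len(stream):      # truncated capture: stop here
            return
        buf += stream[off:off + length]
        off += length
        if mark & 0x80000000:               # top bit: last fragment of record
            yield buf
            buf = b""

def is_nfs_write(record: bytes) -> bool:
    """True if the record is an RPC call to the NFS WRITE procedure."""
    if len(record) < 24:                    # xid, type, rpcvers, prog, vers, proc
        return False
    _xid, mtype, rpcvers, prog, vers, proc = struct.unpack_from(">6I", record)
    return (mtype == RPC_CALL and rpcvers == 2 and prog == NFS_PROGRAM
            and WRITE_PROC.get(vers) == proc)

def count_writes(stream: bytes) -> int:
    """Number of NFS WRITE calls found in the stream."""
    return sum(is_nfs_write(r) for r in rpc_records(stream))

def make_call(xid: int, vers: int, proc: int, body: bytes = b"") -> bytes:
    """Build a constructed, record-marked RPC call (header only, no creds)."""
    msg = struct.pack(">6I", xid, RPC_CALL, 2, NFS_PROGRAM, vers, proc) + body
    return struct.pack(">I", 0x80000000 | len(msg)) + msg

# Constructed sample: v3 READ (proc 6), v3 WRITE (proc 7), v2 WRITE (proc 8)
SAMPLE = make_call(1, 3, 6) + make_call(2, 3, 7, b"\x00" * 16) + make_call(3, 2, 8)

if __name__ == "__main__":
    print(count_writes(SAMPLE))
```
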



