Grant Taylor <gtaylor@xxxxxxxxxxxxxxxxx> writes:

> You /might/ be able to catch some traffic *if* the Linux TCP/IP stack
> thought that it was appropriately addressed to the system.

That is exactly the problem. The network stack doesn't think it needs to
do anything with the packets.

> I think you will have better luck doing this with bridging as bridging
> is (more) accustomed to dealing with traffic that may or may not be
> addressed to the local system.

If the kernel has to forward the packet, the performance advantages of
using NFLOG probably disappear. I guess I'm sticking to libpcap then.

/Benny