Hi Jan, Sending ping: # ping -s 1024 -c 100 google.com iptables and tcpdump both shows (at IP layer + header): incoming - 100 packets, 9200 bytes outgoing - 100 packets, 105200 bytes This seems fine. But I don't understand why I'm not getting similar outputs of iptables and tcpdump when downloading a file via wget. On 14 July 2010 19:39, Jan Engelhardt <jengelh@xxxxxxxxxx> wrote: > On Wednesday 2010-07-14 19:00, Shirley Ong wrote: >>With wireshark, I added up all the bytes (with and without header) at all >>the different layers. The closest I can get wireshark to show the same >>data bytes as iptables is at the IP Layer (data + header). What >>puzzles me is that, wireshark shows 12 bytes (incoming traffic) more >>than iptables > > Can you reproduce this using pings? (The ping program allows to specify > payload sizes, and thus, exact packet sizes) > -- To unsubscribe from this list: send the line "unsubscribe netfilter" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html