I'm sooo sorry. Turned out I missed out a few things on tcpdump. I now confirm that tcpdump does show the same traffic as iptables. Sorry for the trouble. :) Cheers, Shirley On 15 July 2010 10:07, Shirley Ong <soap6gal@xxxxxxxxx> wrote: > Hi Jan, > > Sending ping: > > # ping -s 1024 -c 100 google.com > > iptables and tcpdump both shows (at IP layer + header): > > incoming - 100 packets, 9200 bytes > outgoing - 100 packets, 105200 bytes > > This seems fine. But I don't understand why I'm not getting similar > outputs of iptables and tcpdump when downloading a file via wget. > > > On 14 July 2010 19:39, Jan Engelhardt <jengelh@xxxxxxxxxx> wrote: >> On Wednesday 2010-07-14 19:00, Shirley Ong wrote: >>>With wireshark, I added up all the bytes (with and without header) at all >>>the different layers. The closest I can get wireshark to show the same >>>data bytes as iptables is at the IP Layer (data + header). What >>>puzzles me is that, wireshark shows 12 bytes (incoming traffic) more >>>than iptables >> >> Can you reproduce this using pings? (The ping program allows to specify >> payload sizes, and thus, exact packet sizes) >> > -- To unsubscribe from this list: send the line "unsubscribe netfilter" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
