On Thursday 2010-10-21 03:57, Mateus Caruccio wrote:
>Unfortunately I'm not able to run any command on production servers :(
>All I could get was a physical port mirror, using an ethernet cable in
>the switch.
>
>Since I do have a copy of the packet on my own box, why can't I change
>it, inside my own box, to match my own IP addr and route it to my own
>userspace app (no matter interface)?

Because you can route it to the userspace program without having to
change the address.

>For me this should be simple:
>
>1 - a pkt reached my interface with prod-server-dst-addr;
>2 - before it gets routed, rewrite its dst-addr to my interface's addr;
>3 - let the kernel deliver it to my interface's local addr:port.