iptables promisc mode - Magnus Månsson

All of lore.kernel.org
 help / color / mirror / Atom feed

From: "Magnus Månsson" <ganja@0x63.nu>
To: netfilter@lists.netfilter.org
Cc: magnusm@massive.se
Subject: iptables promisc mode
Date: Wed, 15 Nov 2006 20:43:03 +0100	[thread overview]
Message-ID: <455B6DC7.4010904@0x63.nu> (raw)

Hi, it seems like a couple of people have asked for this before but I 
havent seen any answers.

I want iptables to get packages that do not belong to the machine, 
packages that are directed to others but came to me due to promisc mode. 
I have found a patch from November 2001 that seems to do what I want but 
after manually trying to patch it in my userspace utils segfaults. I am 
not a programmer so no surprise I didnt manage. The old patch is here: 
http://idea.hosting.lv/a/iptables-promisc/

So, why do I want this? (maybe you can tell me that I should do it in 
another way)
I am having a routing switch that is mirroring the internet traffic into 
2 interfaces in a linux machine, this machine is for example running 
ntop to look at what people are doing (that they shouldnt do). One of 
the things I/we are interested to find out is if people uses peer to 
peer protocols like Direct Connect / Bittorrent. My idea was to solve 
this with iptables layer7 filter (l7-filter.sourceforge.net), ulogd and 
mysql. But since I cant build ULOG rules that catch the packages I am stuck.

The reason to choose iptables is that I can store all the information 
about the protocols I am interested in. Ntop doesnt have the history 
that I want.

I am very thankful for whatever help/directions I can get.

--
Magnus Månsson

next             reply	other threads:[~2006-11-15 19:43 UTC|newest]

Thread overview: 6+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2006-11-15 19:43 Magnus Månsson [this message]
2006-11-15 20:13 ` iptables promisc mode R. DuFresne
2006-11-15 20:27   ` Magnus Månsson
2006-11-15 20:35     ` Victor Julien
2006-11-15 20:39       ` Magnus Månsson
2006-11-17  0:32         ` Alan Ezust

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=455B6DC7.4010904@0x63.nu \
    --to=ganja@0x63.nu \
    --cc=magnusm@massive.se \
    --cc=netfilter@lists.netfilter.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.