* iptables in promiscuous mode
From: Andrey @ 2011-07-05 16:05 UTC
To: netfilter
Hello,
I have traffic that was captured in promiscuous mode, therefore it is
not destined to my computer.
From what I understand netfilter/iptables does not work in promiscuous
mode therefore it will not see the traffic when I replay it.
My question is can I make iptables work in promiscuous mode, if I can then how?
Regards,
Andrey
* Re: iptables in promiscuous mode
From: Emilio Lazo Zaia @ 2011-07-07 17:03 UTC
To: Andrey; +Cc: netfilter
*Maybe* by making the device behave in promiscuous mode, to allow these
packets to enter the kernel's network stack,
i.e.
# ifconfig [dev] promisc
# ifconfig [dev] -promisc
or
# ip link set [dev] promisc on
# ip link set [dev] promisc off
What are you doing?
Can someone explain to me why, when tcpdump or wireshark are capturing
packets, neither ifconfig nor iproute shows the “PROMISC” flag, but
dmesg does show “device [dev] entered promiscuous mode”?
On 07/05/2011 11:35 AM, Andrey wrote:
> Hello,
>
> I have traffic that was captured in promiscuous mode, therefore it is
> not destined to my computer.
> From what I understand netfilter/iptables does not work in promiscuous
> mode therefore it will not see the traffic when I replay it.
> My question is can I make iptables work in promiscuous mode, if I can then how?
>
> Regards,
> Andrey
* Re: iptables in promiscuous mode
From: Marek Kierdelewicz @ 2011-07-07 19:15 UTC
To: Andrey; +Cc: netfilter
>Hello,
Hi,
>I have traffic that was captured in promiscuous mode, therefore it is
>not destined to my computer.
>From what I understand netfilter/iptables does not work in promiscuous
>mode therefore it will not see the traffic when I replay it.
It looks like a ruleset test scenario.
Option 1)
You can change the MAC address and/or IP address of the host you replay
traffic to, to the values of the original recipient of the traffic. That way
the traffic should hit all appropriate netfilter hooks.
Option 2)
You can:
- create bridge br0 with eth0 and tap0 up and attached to it,
- set br0 to act as a hub:
echo 0 > /sys/class/net/br0/bridge/ageing_time
- enable netfilter for bridged traffic:
echo 1 > /proc/sys/net/bridge/bridge-nf-call-iptables
- feed the replayed traffic to eth0
You should see traffic passing some netfilter chains, but you won't see
much in INPUT/OUTPUT of the filter table. Most (all) of the traffic will be
treated as forwarded, not as received locally.
Best regards,
Marek Kierdelewicz
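Added example, not part of the thread: a variant of Marek's Option 1 that rewrites the capture instead of the host. With the interface in promiscuous mode the NIC does hand frames addressed to other MACs to the kernel, but the stack tags them PACKET_OTHERHOST and ip_rcv() discards them before the netfilter PREROUTING hook runs, so the only way for replayed packets to reach INPUT is for them to carry the replaying host's own MAC and IP. The script below retargets every IPv4 frame in a classic pcap to a chosen MAC/IP and recomputes the IP and TCP/UDP checksums (the same job tcprewrite does with --enet-dmac, --dstipmap and --fixcsum); fragmented packets are left alone because their L4 checksum covers the reassembled datagram. The sample capture, all addresses and payloads, and the output file name are constructed values, and pcapng is deliberately not handled.

```python
"""Added example (not from the thread): retarget a promiscuous-mode capture so
every IPv4 packet is addressed to the replaying host's own MAC and IP address.
Assumes a classic pcap (not pcapng) with Ethernet link type; all addresses and
payloads below are constructed sample values."""
import struct

ETH_HDR, ETHERTYPE_IPV4, PROTO_TCP, PROTO_UDP = 14, 0x0800, 6, 17

def ones_complement_sum(data: bytes) -> int:
    """RFC 1071 checksum; returns 0 when run over data that already carries a valid checksum."""
    if len(data) % 2:
        data = bytes(data) + b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def l4_checksum(src_ip: bytes, dst_ip: bytes, proto: int, segment: bytes) -> int:
    """TCP/UDP checksum over the IPv4 pseudo-header plus the segment."""
    return ones_complement_sum(src_ip + dst_ip + struct.pack("!BBH", 0, proto, len(segment)) + segment)

def retarget_frame(frame: bytes, new_mac: bytes, new_ip: bytes) -> bytes:
    """Point one Ethernet/IPv4 frame at new_mac/new_ip and fix the IP and L4 checksums.
    Non-IPv4 and malformed frames are returned unchanged."""
    if len(frame) < ETH_HDR + 20 or frame[12:14] != struct.pack("!H", ETHERTYPE_IPV4):
        return frame
    ihl = (frame[ETH_HDR] & 0x0F) * 4
    total_len = struct.unpack("!H", frame[ETH_HDR + 2:ETH_HDR + 4])[0]
    if ihl < 20 or total_len < ihl or ETH_HDR + total_len > len(frame):
        return frame
    ip = bytearray(frame[ETH_HDR:ETH_HDR + total_len])
    trailer = frame[ETH_HDR + total_len:]  # Ethernet padding, copied through untouched
    ip[16:20] = new_ip
    ip[10:12] = b"\x00\x00"
    struct.pack_into("!H", ip, 10, ones_complement_sum(bytes(ip[:ihl])))
    proto, flags_frag = ip[9], struct.unpack("!H", ip[6:8])[0]
    # The L4 checksum covers the reassembled datagram, so only unfragmented packets can be fixed here
    if flags_frag & 0x3FFF == 0 and proto in (PROTO_TCP, PROTO_UDP):
        cpos = ihl + (16 if proto == PROTO_TCP else 6)
        udp_no_csum = proto == PROTO_UDP and ip[cpos:cpos + 2] == b"\x00\x00"  # UDP 0 means "no checksum"
        if cpos + 2 <= len(ip) and not udp_no_csum:
            ip[cpos:cpos + 2] = b"\x00\x00"
            csum = l4_checksum(bytes(ip[12:16]), new_ip, proto, bytes(ip[ihl:]))
            struct.pack_into("!H", ip, cpos, csum or (0xFFFF if proto == PROTO_UDP else 0))
    return new_mac + frame[6:ETH_HDR] + bytes(ip) + trailer

def parse_pcap(pcap: bytes):
    """Split a classic pcap into (struct byte-order prefix, 24-byte file header, [(record header, frame)])."""
    end = {0xA1B2C3D4: "<", 0xA1B23C4D: "<", 0xD4C3B2A1: ">", 0x4D3CB2A1: ">"}.get(
        struct.unpack("<I", pcap[:4])[0])
    if end is None:
        raise ValueError("not a classic pcap file (pcapng is not handled)")
    if struct.unpack(end + "I", pcap[20:24])[0] != 1:  # LINKTYPE_ETHERNET
        raise ValueError("only Ethernet captures are handled")
    records, pos = [], 24
    while pos + 16 <= len(pcap):
        rec = struct.unpack(end + "IIII", pcap[pos:pos + 16])  # ts_sec, ts_frac, incl_len, orig_len
        frame = pcap[pos + 16:pos + 16 + rec[2]]
        if len(frame) < rec[2]:
            break  # truncated final record: drop it
        records.append((rec, frame))
        pos += 16 + rec[2]
    return end, pcap[:24], records

def retarget_pcap(pcap: bytes, new_mac: bytes, new_ip: bytes) -> bytes:
    """Rewrite every frame; sizes do not change, so the record headers are reused as-is."""
    end, header, records = parse_pcap(pcap)
    out = bytearray(header)
    for rec, frame in records:
        out += struct.pack(end + "IIII", *rec) + retarget_frame(frame, new_mac, new_ip)
    return bytes(out)

def verify_frame(frame: bytes):
    """Return (dst_mac, dst_ip, ip_checksum_ok, l4_checksum_ok) for an Ethernet/IPv4 frame."""
    ip, ihl = frame[ETH_HDR:], (frame[ETH_HDR] & 0x0F) * 4
    return (frame[:6], ip[16:20], ones_complement_sum(ip[:ihl]) == 0,
            l4_checksum(ip[12:16], ip[16:20], ip[9], ip[ihl:]) == 0)

# Constructed sample capture: a UDP and a TCP packet sent to some other host, plus one ARP frame.
OTHER_MAC, OTHER_IP = bytes.fromhex("001122334455"), bytes([10, 0, 0, 99])
SENDER_MAC, SENDER_IP = bytes.fromhex("66778899aabb"), bytes([10, 0, 0, 1])

def build_sample_frame(proto: int, payload: bytes) -> bytes:
    if proto == PROTO_UDP:
        seg, cpos = bytearray(struct.pack("!HHHH", 5353, 53, 8 + len(payload), 0) + payload), 6
    else:  # TCP SYN without options
        seg, cpos = bytearray(struct.pack("!HHIIBBHHH", 40000, 22, 1, 0, 0x50, 0x02, 65535, 0, 0) + payload), 16
    struct.pack_into("!H", seg, cpos, l4_checksum(SENDER_IP, OTHER_IP, proto, bytes(seg)) or 0xFFFF)
    ip = bytearray(struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(seg), 0x1234, 0x4000, 64, proto, 0, SENDER_IP, OTHER_IP))
    struct.pack_into("!H", ip, 10, ones_complement_sum(bytes(ip)))
    return OTHER_MAC + SENDER_MAC + struct.pack("!H", ETHERTYPE_IPV4) + bytes(ip) + bytes(seg)

def build_sample_pcap() -> bytes:
    frames = [build_sample_frame(PROTO_UDP, b"query"), build_sample_frame(PROTO_TCP, b""),
              OTHER_MAC + SENDER_MAC + b"\x08\x06" + b"\x00" * 28]  # ARP frame: must pass through untouched
    header = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    return header + b"".join(struct.pack("<IIII", 1309881600, i, len(f), len(f)) + f for i, f in enumerate(frames))

if __name__ == "__main__":
    new = retarget_pcap(build_sample_pcap(), bytes.fromhex("ccddeeff0011"), bytes([192, 168, 1, 10]))
    open("retargeted.pcap", "wb").write(new)  # constructed output name; replay it toward this host
```

Replay the rewritten file toward the host from a second machine or across a veth pair rather than on the host's own NIC: tcpreplay transmits frames, and a transmitted frame is not delivered back to the sending interface's stack. Once the packets carry the host's addresses they traverse PREROUTING and INPUT normally, which you can confirm with the packet counters in iptables -L INPUT -v -n.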