
snooping packets _before_ de-masquerading



Hi!

Is there any possibility to see packets with tcpdump _before_ they are 
 de-masqueraded?

The situation is as follows:

eth0: 192.168.0.99/24
ppp0: 193.80.224.98/32

I'm masquerading all of 192.168.0/24 behind ppp0 and debugging would 
 sometimes be much easier if I could see incoming packets before they 
 are rewritten to some internal address. Yes, I'm snooping on ppp0,
 not eth0.

tcpdump'ing on ppp0 while some masqueraded box does NTP:

20:14:34.735233 ip: 193.80.224.98.62090 > 193.81.13.2.123:
 v3 client strat 0 poll 0 prec 0
20:14:34.745233 ip: 193.81.13.2.123 > 192.168.0.1.1156:
 v3 server strat 2 poll 4 prec -18 (DF)

I cannot think of any way to dump enough brain into a script I'm 
 writing to see the connection between those two packets this way.

Maybe an update from 2.0.38 to 2.2 or 2.4 would help; could someone 
 running one of those newer kernels who also masquerades something check 
 this, please?

cheers+TIA,
&rw
-- 
-- "Enemy Windows PC 400 metres to your front...at your own time, fire!"
-- "Hold your fire until you can see the green of their CAPS LOCK LEDs"
-- asr, Mike, then Tanuki
----
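
Added example, not part of the original post: a heuristic that pairs each
already de-masqueraded reply seen on ppp0 with the masqueraded request sent
shortly before to the same remote address and port. The two addresses come
from the post; the 5-second window, the function names and the third sample
line are assumptions, and several candidate ports are returned when more
than one inside host talks to the same remote endpoint within the window.

```python
import ipaddress
import re
from datetime import datetime, timedelta

# Addresses from the post; the 5-second window is an assumption.
EXTERNAL = ipaddress.ip_address("193.80.224.98")
INTERNAL = ipaddress.ip_network("192.168.0.0/24")
WINDOW = timedelta(seconds=5)  # timestamps carry no date: no midnight wrap

# Constructed sample: the two lines from the post plus one unrelated reply.
SAMPLE = """\
20:14:34.735233 ip: 193.80.224.98.62090 > 193.81.13.2.123:
 v3 client strat 0 poll 0 prec 0
20:14:34.745233 ip: 193.81.13.2.123 > 192.168.0.1.1156:
 v3 server strat 2 poll 4 prec -18 (DF)
20:14:50.000000 ip: 193.81.13.9.53 > 192.168.0.7.1040:
 (constructed line with no matching request)
"""

LINE = re.compile(r"^(\d\d:\d\d:\d\d\.\d+) ip: (\S+)\.(\d+) > (\S+)\.(\d+):")

def parse(text):
    """Yield (time, src_ip, src_port, dst_ip, dst_port); skip continuation lines."""
    for line in text.splitlines():
        m = LINE.match(line)
        if m:
            ts = datetime.strptime(m.group(1), "%H:%M:%S.%f")
            yield (ts, ipaddress.ip_address(m.group(2)), int(m.group(3)),
                   ipaddress.ip_address(m.group(4)), int(m.group(5)))

def correlate(text):
    """Map each reply to the masqueraded requests it may answer."""
    pending = {}   # remote (ip, port) -> list of (time, masq_port)
    result = []
    for ts, src, sport, dst, dport in parse(text):
        if src == EXTERNAL:                      # outgoing, already masqueraded
            pending.setdefault((dst, dport), []).append((ts, sport))
        elif dst in INTERNAL:                    # incoming, already de-masqueraded
            ports = [p for t, p in pending.get((src, sport), [])
                     if timedelta(0) <= ts - t <= WINDOW]
            result.append((f"{dst}:{dport}", f"{src}:{sport}", ports))
    return result

if __name__ == "__main__":
    for internal, remote, ports in correlate(SAMPLE):
        print(internal, "<-", remote, "masq ports:", ports or "unknown")
```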

