Re: how to sniff marked packets by iptables
Hmm...
Try saving packets with tcpdump to a file and look at them
with ethereal.
tcpdump -s 1500 -w packets.dump
2008/9/25 Lucas Mocellin <lucasmocellin@gmail.com>:
> I tried.. no success
>
> this is the output:
> 15:12:09.691627 IP (tos 0x0, ttl 63, id 12765, offset 0, flags [DF], proto: TCP (6), length: 40) 10.12.15.10.1433 > 72.246.216.16.80: ., cksum 0xa017 (correct), 1:1(0) ack 1 win 64240
>
> this packet is marked with 0x4bf, but no information on tcpdump.
>
> 2008/9/25 Andre Luiz Rodrigues Ferreira <andrelrf@gmail.com>
>>
>> Hi!
>> Try: tcpdump -vvv
>>
>> 2008/9/25 Lucas Mocellin <lucasmocellin@gmail.com>:
>> > Hi,
>> >
>> > I marked some packets with iptables (-j MARK), and I want to "see" this
>> > set.
>> >
>> > I tried to search Google, but nothing related. tcpdump doesn't seem to
>> > help with that.
>> >
>> > Does anyone have any idea?
>> >
>> > Thanks,
>> >
>> > Lucas Mocellin.
>> >
>>
>>
>>
>> --
>> Andre Luiz Rodrigues Ferreira (si0ux)
>> -----------------------------------------------------
>> andrelrf@gmail.com
>> http://www.debianart.org
>
>
--
Andre Luiz Rodrigues Ferreira (si0ux)
-----------------------------------------------------
andrelrf@gmail.com
http://www.debianart.org