TCPDump: Difference between revisions
= Basics =
* A capture taken with "-i any" shows packets with no Ethernet headers when opened in Wireshark. To keep the Ethernet headers, capture on a specific interface:
 tcpdump -i eth0
* TCPDump uses libpcap, which processes packets before IPTables does.
* TCPDump will therefore see incoming ping packets even though IPTables drops them.
* TCPDump sees inbound traffic before iptables, but sees outbound traffic only after the firewall has processed it.
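The link-layer header behind the "-i any" note above, as an added example that is not part of the original page: with "-i any" libpcap writes Linux cooked-capture (SLL or SLL2) headers instead of Ethernet ones, so the destination MAC is not recorded and only a packet-type direction hint remains. The names describe_first_packet and build_pcap and all sample capture bytes are constructed for illustration.

```python
import struct

# LINKTYPE_ values as written in the pcap file header (tcpdump.org registry).
LINKTYPES = {1: "EN10MB (Ethernet)", 113: "LINUX_SLL (Linux cooked v1)",
             276: "LINUX_SLL2 (Linux cooked v2)"}
# Packet-type field of the cooked header: the direction hint that replaces the MAC pair.
PKTTYPES = {0: "to us", 1: "broadcast", 2: "multicast",
            3: "to another host", 4: "sent by us"}

def describe_first_packet(pcap: bytes) -> dict:
    """Decode the link-layer header of the first packet in a classic pcap file."""
    endian = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}.get(pcap[:4])
    if endian is None:
        raise ValueError("not a classic (microsecond) pcap file")
    (linktype,) = struct.unpack(endian + "I", pcap[20:24])  # last field of the 24-byte file header
    (caplen,) = struct.unpack(endian + "I", pcap[32:36])    # captured length of the first record
    frame = pcap[40:40 + caplen]
    info = {"linktype": LINKTYPES.get(linktype, f"unknown ({linktype})")}
    if linktype == 1:      # 14 bytes: destination MAC, source MAC, EtherType
        dst, src, proto = struct.unpack("!6s6sH", frame[:14])
        info.update(dst_mac=dst.hex(":"), src_mac=src.hex(":"))
    elif linktype == 113:  # 16 bytes: pkttype, ARPHRD, addr len, addr[8], protocol
        pkttype, _arphrd, alen, addr, proto = struct.unpack("!HHH8sH", frame[:16])
        info.update(direction=PKTTYPES.get(pkttype, "?"), src_addr=addr[:alen].hex(":"))
    elif linktype == 276:  # 20 bytes: protocol, reserved, ifindex, ARPHRD, pkttype, addr len, addr[8]
        proto, _rsv, ifindex, _arphrd, pkttype, alen, addr = struct.unpack("!HHIHBB8s", frame[:20])
        info.update(direction=PKTTYPES.get(pkttype, "?"), src_addr=addr[:alen].hex(":"),
                    ifindex=ifindex)
    else:
        return info
    info["ethertype"] = f"0x{proto:04x}"
    return info

def build_pcap(linktype: int, frame: bytes) -> bytes:
    """Constructed sample: a one-packet little-endian pcap file with the given link type."""
    file_hdr = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 262144, linktype)
    return file_hdr + struct.pack("<IIII", 0, 0, len(frame), len(frame)) + frame

# Constructed sample data: locally administered MACs and a placeholder IPv4 header.
SRC, DST = bytes.fromhex("020000000002"), bytes.fromhex("020000000001")
IP_STUB = b"\x45" + bytes(19)
ETH_PCAP = build_pcap(1, DST + SRC + b"\x08\x00" + IP_STUB)
SLL_PCAP = build_pcap(113, struct.pack("!HHH8sH", 0, 1, 6, SRC + bytes(2), 0x0800) + IP_STUB)

if __name__ == "__main__":
    for name, data in (("-i eth0", ETH_PCAP), ("-i any", SLL_PCAP)):
        print(name, describe_first_packet(data))
```

Running it against a real capture file only requires passing the file's bytes to describe_first_packet; pcapng files are not handled.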
= Filters =