Re: Firewall packet logging question?

From: Peter Benie (pjb1008@cam.ac.uk)
Date: Wed Feb 16 2000 - 13:13:00 EST


Mike A. Harris writes ("Firewall packet logging question?"):
> Does the current kernel (2.2.x) have any provisions for logging
> or capturing the ENTIRE IP packet which matches a particular
> ipchains rule?
>
> What I'd like to do is capture every packet that matches certain
> rules, and have some way of identifying each raw packet with the
> log entry in syslog to which it was captured.
>
> In other words, the rules I have may block say a UDP datagram
> sent to port 53, and log this (ipchains --log) to syslog. This
> tells me some info about the packet, however the actual packet
> itself is gone.

I do something rather like that for analysing portmap traffic.
I use a REDIRECT to send the packets to a local port and run a UDP
(and TCP) listener to decode and log the packets. Obviously, this
approach only works for packets you want to block.

Peter

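The listener half of the approach Peter describes, written as an added example (not code from the original thread): the datagrams that a matching rule both logs and REDIRECTs arrive at a local UDP socket, and each one is recorded with the same time/source/length fields the syslog line carries, so the two records can be matched up, followed by the full payload. It assumes a UDP/53 rule as in Mike's question, a hypothetical REDIRECT target of port 5353, and a constructed DNS query as sample input.

```python
import socket
import struct
import time

# Assumed ipchains rule (constructed here, not from the post): log the match to
# syslog with -l and hand the datagram to this listener instead of dropping it:
#   ipchains -A input -p udp --dport 53 -l -j REDIRECT 5353

# Constructed sample: a DNS query for example.com, type A (not captured traffic).
SAMPLE_QUERY = (b"\x12\x34\x01\x00\x00\x01\x00\x00\x00\x00\x00\x00"
                b"\x07example\x03com\x00\x00\x01\x00\x01")

def hexdump(data, width=16):
    return "\n".join(f"  {o:04x}  {data[o:o + width].hex(' ')}"
                     for o in range(0, len(data), width))

def decode_dns_question(data):
    """First question of a DNS message, or None if it is not a plain, complete query."""
    try:
        txid, _flags, qdcount = struct.unpack_from("!HHH", data)
        labels, pos = [], 12
        while qdcount:
            n, pos = data[pos], pos + 1
            if n == 0:
                qtype, qclass = struct.unpack_from("!HH", data, pos)
                return {"id": txid, "qname": ".".join(labels) or ".",
                        "qtype": qtype, "qclass": qclass}
            if n & 0xC0:
                return None  # compression pointer in a query name: refuse to guess
            labels.append(data[pos:pos + n].decode("ascii", "replace"))
            pos += n
    except (IndexError, struct.error):
        pass  # truncated header, name or question section
    return None

def format_capture(src, data, ts):
    """Header with the fields the syslog entry also shows, then the whole payload."""
    stamp = time.strftime("%Y-%m-%d %H:%M:%S", time.gmtime(ts))
    head = f"{stamp} UDP {src[0]}:{src[1]} len={len(data)}"
    q = decode_dns_question(data)
    if q:
        head += f" dns id=0x{q['id']:04x} qname={q['qname']} qtype={q['qtype']}"
    return head + "\n" + hexdump(data)

def serve(port=5353):
    # Receive the redirected datagrams and print one record per packet.
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.bind(("0.0.0.0", port))
        while True:
            data, src = s.recvfrom(65535)
            print(format_capture(src, data, time.time()), flush=True)
```

Call `serve()` once the rule is in place; as Peter notes, the original destination is rewritten by the REDIRECT, so only the source address and port survive for correlation, and the approach only fits traffic you intend to block anyway.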
This archive was generated by hypermail 2b29 : Wed Feb 23 2000 - 21:00:15 EST