On 02/10/2013 12:31 PM, Daniel Borkmann wrote:
On 02/09/2013 06:15 AM, Jon Schipp wrote:
When testing flowtop I noticed that when using like this "flowtop --tcp
--udp --icmp"
I will see the UDP and TCP flows but not the ICMP. Same with "flowtop --udp
--icmp".
But when using "flowtop --icmp" I see ICMP traffic.
Chain INPUT:
ACCEPT tcp -- anywhere anywhere state
ESTABLISHED
ACCEPT icmp -- anywhere anywhere state
ESTABLISHED
ACCEPT udp -- anywhere anywhere state
ESTABLISHED
...
Chain OUTPUT:
ACCEPT tcp -- anywhere anywhere state
NEW,ESTABLISHED
ACCEPT icmp -- anywhere anywhere state
NEW,ESTABLISHED
ACCEPT udp -- anywhere anywhere state
NEW,ESTABLISHED
Am I missing something?
Good point. This needs to be debugged. Not sure at this point in time if the
problem is in netfilter's conntracking framework, though.
Does the problem still exist with the latest kernel + self-compiled netfilter
conntrack framework libs?
--
You received this message because you are subscribed to the Google Groups
"netsniff-ng" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
For more options, visit https://groups.google.com/groups/opt_out.
