Re: how to sniff marked packets by iptables

2008-09-29 Thread Alex Samad
On Mon, Sep 29, 2008 at 10:33:38AM -0300, Lucas Mocellin wrote: > Ok, I understood, but create a dummy device to sniff it in a operation > server I think it is not the best solution. > > But, I have never thought about -j LOG, kkk if I do a filter by the > mark, and -j LOG, I think it's su

Re: how to sniff marked packets by iptables

2008-09-29 Thread Lucas Mocellin
Ok, I understood, but create a dummy device to sniff it in a operation server I think it is not the best solution. But, I have never thought about -j LOG, kkk if I do a filter by the mark, and -j LOG, I think it's sufficient. thanks!! Lucas. 2008/9/29 Mariusz Kruk <[EMAIL PROTECTED]> >

Re: how to sniff marked packets by iptables

2008-09-29 Thread Mariusz Kruk
On pon, 2008-09-29 at 05:34 -0700, Djingo Cacadril wrote: > Lucas Mocellin <[EMAIL PROTECTED]> wrote on Thursday, September > 25, 2008 7:57:16 PM > > > I marked some packets with iptables (-j MARK), and I want to "see" > this set. > > > > I tried to search google, but nothing related. tcpdump doe

Re: how to sniff marked packets by iptables

2008-09-29 Thread Djingo Cacadril
Lucas Mocellin <[EMAIL PROTECTED]> wrote on Thursday, September 25, 2008 7:57:16 PM > I marked some packets with iptables (-j MARK), and I want to "see" this set. > > I tried to search google, but nothing related. tcpdump doesn't seems help > with that. The MARK target _associates_ a mark wit

Re: how to sniff marked packets by iptables

2008-09-25 Thread Lucas Mocellin
Yes, ethereal doesn't work too. well, I think this is true, but must be something to sniff this "marks" thanks, Lucas. 2008/9/25 Brian Schrock <[EMAIL PROTECTED]> > I was never under the impression that marking packets does anything to the > packet itself. It only makes modifications to the st

Re: how to sniff marked packets by iptables

2008-09-25 Thread Andre Luiz Rodrigues Ferreira
Hmm... Try save packets with tcpdump to a file and look at them with ethereal. tcpdump -s 1500 -w packets.dump 2008/9/25 Lucas Mocellin <[EMAIL PROTECTED]>: > I tried.. no success > > this is the output: > 15:12:09.691627 IP (tos 0x0, ttl 63, id 12765, offset 0, flags [DF], proto: > TCP (6), len

Re: how to sniff marked packets by iptables

2008-09-25 Thread Lucas Mocellin
I tried.. no success this is the output: 15:12:09.691627 IP (tos 0x0, ttl 63, id 12765, offset 0, flags [DF], proto: TCP (6), length: 40) 10.12.15.10.1433 > 72.246.216.16.80: ., cksum 0xa017 (corre ct), 1:1(0) ack 1 win 64240 this packet is marked with 0x4bf, but no information on tcpdump. 2008

Re: how to sniff marked packets by iptables

2008-09-25 Thread Andre Luiz Rodrigues Ferreira
Hi! Try: tcpdump -vvv 2008/9/25 Lucas Mocellin <[EMAIL PROTECTED]>: > Hi, > > I marked some packets with iptables (-j MARK), and I want to "see" this set. > > I tried to search google, but nothing related. tcpdump doesn't seems help > with that. > > Have anyone any idea? > > Thanks, > > Lucas Moce

how to sniff marked packets by iptables

2008-09-25 Thread Lucas Mocellin
Hi, I marked some packets with iptables (-j MARK), and I want to "see" this set. I tried to search google, but nothing related. tcpdump doesn't seems help with that. Have anyone any idea? Thanks, Lucas Mocellin.