问题描述
如果我的开发机器对某些数据包具有iptables
规则,那么tcpdump是否捕获了这些数据包?我有这个问题,因为我知道还有另一个名为INPUT
的链可以过滤数据包到应用程序,如果数据包被路由到FORWARD
链,它将到达tcpdump
应用程序吗?
If my development machine has an iptables
rule to FORWARD
some packets, are those packets being captured by tcpdump? I have this question because I know there exist other chain called INPUT
which filters packets to apps, if a packet is routed to FORWARD
chain, will it reach tcpdump
app?
您可以为官方文档提供可靠的参考,还是表达出解释清楚的想法来解决此问题?
May you make some reliable reference to official documentation or express well explained ideas to solve this question?
推荐答案
TCPDump捕获来自硬件设备的流量. iptables在不同级别处理网络帧.
TCPDump captures traffic from the hardware device. Iptables handles network frames at a different level.
因此答案是否定的,TCPDump仅在通过网卡时才捕获流量. IPtables可能正在接受TCPDump监视的卡上的入站流量,但可能将其发送到不受TCPDump监视的另一张网卡上的出站流量.
So the answer is no, TCPDump will capture traffic only when it passes through the network card. IPtables can be taking inbound traffic on a card that TCPDump is monitoring, but may send it outbound on a different network card that is not being monitored by TCPDump.
请记住,TCPDump仅在通过网卡时才会捕获流量.
Just remember, TCPDump will catch the traffic only if it passes through the network card.
这篇关于iptables过滤会影响tcpdump吗?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!