Wireshark and iptables

https://bbs.archlinux.org –

thatguy wrote: Does wireshark read packets before they reach the kernel/iptables?

Yes.

thatguy wrote: I had iptables set up to block everything, yet wireshark continued to get up to several hundred packets per second, mostly ARP broadcast from the lan.

Expected behaviour. Use filters in wireshark to filter out what you don't want (or filter in only what you do want).

thatguy wrote: I don't understand how wireshark sees the packets if they are dropped by the firewall.

Using libpcap, wireshark/tcpdump is able to hook into the network stack within the kernel before iptables (technically "n (HowTos)