I think tcpdump may be the way to go then. Try first with iptraf, as it's not so low level. Both of these are network packet sniffers and are a must-have for any firewall.

--- Bjoern Schmidt <[EMAIL PROTECTED]> wrote:
> Mike Mestnik wrote:
> > IIRC you can pass logs to any facility and level, even making up your own.
> > Then you add something like...
> >
> > # in /etc/syslog.conf
> > myfacility.* /var/log/netjunk.log
>
> For this I can use the ULOG target, but you asked for the whole
> packet...
>
> > --- Bjoern Schmidt <[EMAIL PROTECTED]> wrote:
> >
> >>Mike Mestnik wrote:
> >>
> >>>That's surprising...
> >>>It could be pkts from a non IP interface (maybe your loopback?) or from a
> >>>non IP protocol? Even so they should have been caught by your blank rule.
> >>>This would seem like a problem, one that could be exploitable. See if you
> >>>can catch the pkts in question with tcpdump or the like, that might be
> >>>helpful.
> >>
> >>Is there any netfilter target which redirects packets into one or more
> >>files? An existing FILELOGGER target would be great:
> >>
> >>iptables -P INPUT -j FILELOGGER --d-folder /slippedpackets/
> >>
> >>Then I could change the chain policy to save these packets in an easier
> >>way than using tcpdump...
> >>
> >>--
> >>Greetings
> >>Bjoern Schmidt
>
> --
> Kind regards
> Bjoern Schmidt

