On Friday 05 July 2002 00:45, christophe barb� wrote: > On Fri, Jul 05, 2002 at 08:35:53AM +1000, George Vieira wrote: > > Yes I've found that some user space programs can see stuff before > > iptables.. tcpdump too I think... > > Yes it sounds logical for tcpdump or tools like that (which pass the > interface in promiscuisious mode) to see everything. I was not expecting > the same from a unprivileged app like gkrellm. > It is stil unclear for me what is the data processing path. > > Has someone a clear picture of the packets path ?
It is no problem to open a socket and receive a copy of all raw packets before they get to the kernel iptables modules. See "man 7 packet" for details. I believe this is how tcpdump does it too. Jan Humme.
