  1. #1

    ngrep before iptables or iptables before ngrep


    Dear all,

    One of my colleagues told me that
    ngrep is before iptables -> meaning that if I set up my iptables to block some traffic, doing an ngrep will still allow me to see the attempts coming in.
    Is it correct?
    I tried to simulate the above statement as follows.

    On my server console
    Code:
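    # Set the default policy of the INPUT chain to drop (the target name is case-sensitive)
    iptables --policy INPUT DROP
    # Watch port 22 on eth0 (eth0 is my production interface)
    ngrep -d eth0 port 22
    On my client console, I open PuTTY, choose SSH, input the server IP, and try to connect.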

    On my server console, I saw this:

    Code:
    [root-server ~] ngrep -d eth0 port 22
    interface: eth0 (192.168.0.0/255.255.255.0)
    filter: (port 22) and (ip or ip6)
    ###
    It seems that every time I tried to connect, I saw a "#" being displayed.

    Q1) What is the "#" display?
    Q2) In this case, how do I confirm that the incoming SSH request did indeed reach my server (since I can't see any content or source IP information at all)?

    Regards,
    Noob

  2. #2
    Help, anyone?
