  1. #1

    ngrep before iptables or iptables before ngrep

    Dear all,

    One of my colleagues told me that
    ngrep is before iptables -> meaning that if I set up my iptables to block some traffic, doing an ngrep will still allow me to see the attempts coming in.
    Is it correct?
    I tried to simulate the above statement as follows.

    On my server console
    1) iptables --policy INPUT DROP
    2) ngrep -d eth0 port 22  (eth0 is my production interface)
    On my client console, open PuTTY, choose SSH, input the server IP, and try to connect.

    On my server console, I saw this:

    [root-server ~] ngrep -d eth0 port 22
    interface: eth0 (
    filter: (port 22) and (ip or ip6)
    It seems that every time I try to connect, I see a
    being displayed.

    Q1) What is the
    display?
    Q2) In this case, how do I confirm that the incoming SSH request did indeed reach my server (since I can't see any content or source IP information at all)?


  2. #2
    Help, anyone?
