问题
If my development machine has an iptables rule to FORWARD some packets, are those packets being captured by tcpdump? I have this question because I know there exist other chain called INPUT which filters packets to apps, if a packet is routed to FORWARD chain, will it reach tcpdump app?
May you make some reliable reference to official documentation or express well explained ideas to solve this question?
回答1:
TCPDump captures traffic from the hardware device. Iptables handles network frames at a different level.
So the answer is no, TCPDump will capture traffic only when it passes through the network card. IPtables can be taking inbound traffic on a card that TCPDump is monitoring, but may send it outbound on a different network card that is not being monitored by TCPDump.
Just remember, TCPDump will catch the traffic only if it passes through the network card.
来源:https://stackoverflow.com/questions/43002164/is-tcpdump-affected-by-iptables-filtering