0

I am running Ubuntu on my machine and want to write some sniffer scripts. But I am getting packets related to my NIC only even if I run my Interface in promisc mode. Is there any IPTABLE rules that i need to put on so that i can get entrie packets on the network?? Please help. I am using python for everything i am doing , if it helps

bibek shrestha
  • 448
  • 3
  • 9

1 Answers1

1

In a modern switched network, you system is in general only going to see two kinds of traffic: unicast traffic explicitly directed to your system and broadcast traffic that is visible to all systems. Nothing you can do in your code will make other traffic on the network visible to you. Enabling promiscuous mode on your interfaces in this situation is going to net you very little additional traffic.

This is less true in a network with a shared bus -- such as WifI, or back in the old days when we used hubs instead of switches.

Netfilter -- the Linux firewall you manipulate with the iptables command -- really only operates on the layer 3 (ip) level, and isn't going to affect what traffic is visible to your interface.

larsks
  • 277,717
  • 41
  • 399
  • 399
  • then, I shall instead direct the traffic from my system (like proxy) to do the stuffs...am i right – bibek shrestha Jan 20 '14 at 04:57
  • If its true, how ETTERCAP, wireshark are able to log network traffics? – bibek shrestha Jan 20 '14 at 04:57
  • They log the network traffic that is visible on your interface. If running wireshark on your host nets traffic that you're not able to see with your Python code, you can at least be sure the problem is with your code and not with `iptables`. – larsks Jan 20 '14 at 05:00