pdumpq can be used to take queued packets from netfilter/iptables and dump them to a file that decoders like tcpdump, ethereal, and snort can read. You can also just pipe it through to the packet decoder and see what is in those packets as they come in. This is also an easy way to populate your snort alert database with iptables data. Its features include automatic dumpfile rotation, filter on firewall marks and issue per-mark verdicts, and optional emailing of decoded packet dumps.
|Tags||Internet Security Networking Firewalls Monitoring Utilities|
|Operating Systems||POSIX Linux|
Release Notes: This release includes a fix for incomplete writing of mail, sanity checking for the external decoder path at startup, syslog support after detaching, a Sys-V init script, and various minor bugfixes.
Release Notes: This release removes dependency on all libpcap sources, includes compile-time support for RH-patched pcap libs, and fixes a struct tum (RH) problem.