How do I read the contents of incoming network packets without using promiscuous mode?
Updated -
To do this, make use of Netfilter module ip_queue
. Using this module, packets are passed out of the stack for queueing to userspace. Applications can read from these queues, modify the packets and then re-insert it back into the kernel.
Load Module
modprobe iptable_filter
modprobe ip_queue
The following is an IPTables rule to take advantage of this...
Subscriber exclusive content
A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.