How do I read the contents of incoming network packets without using promiscuous mode?

To do this, make use of Netfilter module ip_queue. Using this module, packets are passed out of the stack for queueing to userspace. Applications can read from these queues, modify the packets and then re-insert it back into the kernel.

Load Module

modprobe iptable_filter

modprobe ip_queue

The following is an IPTables rule to take advantage of this...

Subscriber exclusive content

A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.

Current Customers and Partners

Here are the common uses of Markdown.

Code blocks

~~~
Code surrounded in tildes is easier to read
~~~

Links/URLs

[Red Hat Customer Portal](https://access.redhat.com)

Select Your Language

How do I read the contents of incoming network packets without using promiscuous mode?

Subscriber exclusive content

Current Customers and Partners

New to Red Hat?

Using a Red Hat product through a public cloud?

Quick Links

Help

Site Info

Related Sites

About

Red Hat legal and privacy links

Red Hat legal and privacy links

Subscriber exclusive content

Current Customers and Partners

New to Red Hat?

Using a Red Hat product through a public cloud?

Quick Links

Help

Site Info

Related Sites

Systems Status

About

Red Hat legal and privacy links

Red Hat legal and privacy links