Kaian
commented
8 months ago Hi @fortionfortune
sngrep relays on libpcap for packet capture (like tcpdump), and it seems to work below netfilter layer. That means that incoming traffic will be captured before being filtering but outgoing traffic will be filtered before captured.
I don't think libpcap offers any option to changes this behaviour.
Best regards
Is it feasible to implement a feature that allows sngrep to capture packets after they have been processed by iptables, strongSwan (IPsec tunnels), vlans and other network layers? After ip stack. Interface level capturing is very fast and good, but sometimes I feel tired to use tcpdump and then open pcap file in sngrep.