This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Nflog and Nfqueue interfaces

0

Is it normal to have nflog and nfqueue in my interfaces list? It's an ubuntu desktop system running ufw. I don`t remember having those interfaces when i first installed wireshark.

asked 16 Oct '15, 12:23

Ciohap22's gravatar image

Ciohap22
11226
accept rate: 0%

edited 16 Oct '15, 13:37

Guy%20Harris's gravatar image

Guy Harris ♦♦
17.4k335196


One Answer:

1

Is it normal to have nflog and nfqueue in my interfaces list?

On Linux, with a sufficiently recent version of libpcap, yes, it's normal. People wanted to be able to capture some forms of netfilter traffic and analyze it with tcpdump, Wireshark, etc., so that capability was added to libpcap.

answered 16 Oct '15, 13:37

Guy%20Harris's gravatar image

Guy Harris ♦♦
17.4k335196
accept rate: 19%

So those are 2 interfaces created by wireshark when it was installed?

(17 Oct '15, 01:01) Ciohap22
1

No. Wireshark doesn't create interfaces. Wireshark uses libpcap to do traffic capture; libpcap doesn't create interfaces, either, it just allows capturing on things that aren't regular network interfaces, such as the nflog and nfqueue hooks into the Linux netfilter mechanism.

(17 Oct '15, 11:03) Guy Harris ♦♦