This simple hack will allow to see promisc traffic in raw table of
iptables. Of course you will need to enable promisc on the interface.
Refer to README.promisc for details.
Example how to catch desired traffic:
iptables -A PREROUTING -t raw -i eth2 -j NETFLOW
--- linux-2.6.26/net/ipv4/ip_input.old.c 2008-07-14 01:51:29.000000000 +0400
+++ linux-2.6.26/net/ipv4/ip_input.c 2008-08-06 14:02:16.000000000 +0400
@@ -378,12 +378,6 @@
struct iphdr *iph;
u32 len;
- /* When the interface is in promisc. mode, drop all the crap
- * that it receives, do not try to analyse it.
- */
- if (skb->pkt_type == PACKET_OTHERHOST)
- goto drop;
-
IP_INC_STATS_BH(IPSTATS_MIB_INRECEIVES);
if ((skb = skb_share_check(skb, GFP_ATOMIC)) == NULL) {