Host C is using wireshark to sniff packets from Host A to Host B. I am able to see those packets from wireshark but I am not able to find them in the PREROUTING chain of iptables. When Host C arpspoofs Host A and B, I can then see the packets in my PREROUTING chain.
Without arpspoofing, those packets that I sniffed from A to B will appear in which chain of the iptables?