cloning traffic with iptables

[don_berry at comcast.net (Don Berry)]

Do it upstream on the network interfaces. Use the switch that the interface
is connected to and do port mirroring or cloning. 

-----Original Message-----
From: pauldotcom-bounces at mail.pauldotcom.com
[mailto:pauldotcom-bounces at mail.pauldotcom.com] On Behalf Of Robin Wood
Sent: Thursday, January 01, 2009 3:12 PM
To: PaulDotCom Security Weekly Mailing List
Subject: Re: [Pauldotcom] cloning traffic with iptables

2008/12/30 Robin Wood <dninja at gmail.com>:
> 2008/12/30 Nick Baronian <nbaronian at gmail.com>:
> > I am a pretty sure Daemonlogger is much more efficient and less buggy but
> > there is a tee add-on available in the xtables add-on that will copy the
> > traffic within iptables to another nic.  I have not used this version but
I
> > got decent results from the old patch-o-matic iptables add-on.
> > http://jengelh.medozas.de/projects/xtables/
> > -Nick
>
> Both of those seem like they will do what I want, the only potential
> problem is that this app has to run on a mips processor. Looks like
> I'll have to brush up on my cross compiler skills.
>
> If anyone has any processor independent way of doing this feel free to
shout up.

I'm having trouble getting either of these to build on the mips
processor, can anyone suggest a way to do this without an addon?

Robin


> Robin
>
> > On Mon, Dec 29, 2008 at 8:17 PM, <byte.bucket at 4a44.com> wrote:
> > > Have a look at Daemonlogger.  I believe it will do exactly what you
want.
> > > http://www.snort.org/users/roesch/Site/Daemonlogger/Daemonlogger.html
> > >
> > > --
> > > byte_bucket
> > >
> > > > Hi
> > > > Is there a way to use ip tables to copy all traffic on an interface to
> > > > a second interface?
> > > >
> > > > The setup I have is I have a machine with two NICs, I want to copy all
> > > > traffic to or from eth0 to eth1 so another machine connected to eth1
> > > > can then use tcpdump to capture and monitor traffic.
> > > >
> > > > Robin
> > > > _______________________________________________
> > > > Pauldotcom mailing list
> > > > Pauldotcom at mail.pauldotcom.com
> > > > http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
> > > > Main Web Site: http://pauldotcom.com
> > >
> > >
> > > _______________________________________________
> > > Pauldotcom mailing list
> > > Pauldotcom at mail.pauldotcom.com
> > > http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
> > > Main Web Site: http://pauldotcom.com
> >
> >
> > _______________________________________________
> > Pauldotcom mailing list
> > Pauldotcom at mail.pauldotcom.com
> > http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
> > Main Web Site: http://pauldotcom.com
_______________________________________________
Pauldotcom mailing list
Pauldotcom at mail.pauldotcom.com
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com