PaulDotCom mailing list archives
cloning traffic with iptables
From: dninja at gmail.com (Robin Wood)
Date: Tue, 6 Jan 2009 09:23:01 +0000
2009/1/6 Don Berry <don_berry at comcast.net>:
> Do it upstream on the network interfaces. Use the switch that the interface is connected to and do port mirroring or cloning.

I'm designing a device which can be dropped onto any point of a network to sniff traffic so need the device itself to do it.

Robin
> -----Original Message-----
> From: pauldotcom-bounces at mail.pauldotcom.com [mailto:pauldotcom-bounces at mail.pauldotcom.com] On Behalf Of Robin Wood
> Sent: Thursday, January 01, 2009 3:12 PM
> To: PaulDotCom Security Weekly Mailing List
> Subject: Re: [Pauldotcom] cloning traffic with iptables
>
> 2008/12/30 Robin Wood <dninja at gmail.com>:
>> 2008/12/30 Nick Baronian <nbaronian at gmail.com>:
>>> I am pretty sure Daemonlogger is much more efficient and less buggy but there is a tee add-on available in the xtables add-on that will copy the traffic within iptables to another nic. I have not used this version but I got decent results from the old patch-o-matic iptables add-on.
>>> http://jengelh.medozas.de/projects/xtables/
>>>
>>> -Nick
>>
>> Both of those seem like they will do what I want, the only potential problem is that this app has to run on a mips processor. Looks like I'll have to brush up on my cross compiler skills. If anyone has any processor independent way of doing this feel free to shout up.
>
> I'm having trouble getting either of these to build on the mips processor, can anyone suggest a way to do this without an addon?
>
> Robin
>
>> Robin
>>
>>> On Mon, Dec 29, 2008 at 8:17 PM, <byte.bucket at 4a44.com> wrote:
>>>> Have a look at Daemonlogger. I believe it will do exactly what you want.
>>>> http://www.snort.org/users/roesch/Site/Daemonlogger/Daemonlogger.html
>>>>
>>>> -- byte_bucket
>>>>
>>>>> Hi
>>>>>
>>>>> Is there a way to use ip tables to copy all traffic on an interface to a second interface? The setup I have is I have a machine with two NICs, I want to copy all traffic to or from eth0 to eth1 so another machine connected to eth1 can then use tcpdump to capture and monitor traffic.
>>>>>
>>>>> Robin

_______________________________________________
Pauldotcom mailing list
Pauldotcom at mail.pauldotcom.com
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com