Snort mailing list archives

Re: Disappointed: I spent S$109 on a Buffalo DD-WRT router but can't get port mirroring to work

From: Teo En Ming <teo.en.ming () gmail com>
Date: Fri, 04 Apr 2014 23:40:07 +0800

My Asus RT-N15U wireless router is not supported on OpenWRT. Only theRT-N15 model is supported.

According to your reply, you have no hope of getting port mirroring towork with my Buffalo WZR-HP-G300NH2 wireless router at all?


Sob sob sob. I wasted my money.

--
Yours sincerely,

Teo En Ming



On 05/04/2014 02:02, Bill Parker wrote:

You could try OpenWRT, which does support mirroring. Another methodwould be to put in a intelligent switch for all hardware on yournetwork which would give you the same thing as a SPAN/mirror port.

I have NOT tried the OpenWRT firmware, so I would exercise cautionwith changing the DD-WRT firmware to OpenWRT, but if you still haveyour ASUS router, it might handle the OpenWRT firmware just fine.


http://wiki.wireshark.org/SwitchReference

The above link is for switches which support mirroring/span (with somelinks to low cost solutions).

It would be nice if Buffalo/Asus and other router providers have aSPAN/mirror port built in, but that's the problem with consumerrouters (unfortunately).


Bill

On Fri, Apr 4, 2014 at 8:23 AM, Teo En Ming <teo.en.ming () gmail com<mailto:teo.en.ming () gmail com>> wrote:

Hi,

I am extremely disappointed. I spent SGD$109 on the Buffalo
WZR-HP-G300NH2 wireless router but can't get port mirroring to work.

I have tested the following 2 iptables commands with *all* of the
DD-WRT v24-SP2 firmware builds/versions from the year 2011 to the
year 2014 but still cannot get port mirroring to work.

# iptables -A PREROUTING -t mangle -j ROUTE --gw 192.168.1.40 --tee

# iptables -A POSTROUTING -t mangle -j ROUTE --gw 192.168.1.40 --tee

I bought my Buffalo DD-WRT router according to the recommendations
in http://www.snort.org/docs (Bill/William Parker's How to make
some Home Routers mirror traffic to Snort
<http://s3.amazonaws.com/snort-org/www/assets/217/Mirror_Traffic_With_Home_Router.pdf>
article) but I can't get port mirroring to work. Apparently *all*
of the DD-WRT v24-SP2 firmware builds/versions between 2011 and
2014 don't support the route target and tee.

What are my options now? I couldn't return the Buffalo DD-WRT
router to the distributor in Singapore and ask for a refund.

Are there any other firmware builds/versions which I can try to
get port mirroring to work? I have also filed a bug report with
http://www.dd-wrt.com. The bug report is here:
http://www.dd-wrt.com/dd-wrtv2/bugtracker/view.php?id=4522

I have also reported the issue on the DD-WRT forum but nobody is
replying to my thread.
http://www.dd-wrt.com/phpBB2/viewtopic.php?t=260012

I also joined DD-WRT IRC channel on freenode but nobody is
replying to my questions.

*Sob sob sob sob sob sob*

What should I do? Please advise.

--Yours sincerely,


    Teo En Ming

------------------------------------------------------------------------------

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!

Current thread:

Disappointed: I spent S$109 on a Buffalo DD-WRT router but can't get port mirroring to work Teo En Ming (Apr 04)
- Message not available
  - Re: Disappointed: I spent S$109 on a Buffalo DD-WRT router but can't get port mirroring to work Teo En Ming (Apr 04)
    - Re: Disappointed: I spent S$109 on a Buffalo DD-WRT router but can't get port mirroring to work Joel Esler (jesler) (Apr 05)