PaulDotCom mailing list archives
cloning traffic with iptables
From: dninja at gmail.com (Robin Wood)
Date: Tue, 6 Jan 2009 14:48:00 +0000
2009/1/6 Mike Patterson <mike.patterson at unb.ca>:
> Robin Wood wrote on 1/6/09 4:23 AM:
>> 2009/1/6 Don Berry <don_berry at comcast.net>:
>>> Do it upstream on the network interfaces. Use the switch that the interface is connected to and do port mirroring or cloning.
>>
>> I'm designing a device which can be dropped onto any point of a network to sniff traffic so need the device itself to do it.
>
> Am I being simple, or is what you want just a bridge? I did this with a FreeBSD box, just bridged em0 to em1 and sniffed on the bridge device. No reason you shouldn't be able to do something similar with iptables, no? (Of course, I hate iptables, which is why it was a BSD box and not a Linux box, but I digress.)

I have the bridge in place between eth0 and eth1 but what I want to do is to send a copy of all the traffic that goes over the bridge via wireless to a second machine which can then analyse it. I've managed to get something working using daemonlogger but I think the encapsulation is messed up as sniffing the traffic I either get a load of deauth messages coming from it or a load of LLC and XID messages.

Robin