PaulDotCom mailing list archives
cloning traffic with iptables
From: sbuhlig at gmail.com (Sam Buhlig)
Date: Tue, 6 Jan 2009 13:48:53 -0500
You can buy cards that will do it on wired. The one area I would be careful about is if it has fail over or not. If it does not have fail over then you could have a real problem if that machine lost power or needed maintenance, considering it has to be hooked to the main line. Just something to consider. Don't know how it would apply going wireless. Best of luck. On Tue, Jan 6, 2009 at 12:54 PM, Robin Wood <dninja at gmail.com> wrote:
2009/1/6 Sam Buhlig <sbuhlig at gmail.com>:One of the guys in my 2600 group has a nice little solution that I amgoingto test at home. Here is a link to his presentation that he made. http://cinci2600.com/?fuseaction=download.go&id=29 Shows how to make a passive ether tap.That is what I'm trying to do but I think the difficulty I'm having is spitting the data out through the wireless interface rather than wired. Something I noticed that someone else mentioned in passing was interface bonding, I haven't heard of that so I'll have to look into it, I just assumed they were talking about bridging last time. RobinHere is some other cool presentations that can be downloaded. http://cinci2600.com/?fuseaction=download.show SamIAm On Tue, Jan 6, 2009 at 9:06 AM, Mike Patterson <mike.patterson at unb.ca> wrote:Robin Wood wrote on 1/6/09 4:23 AM:2009/1/6 Don Berry <don_berry at comcast.net>:Do it upstream on the network interfaces. Use the switch that the interface is connected to and do port mirroring or cloning.I'm designing a device which can be dropped onto any point of a network to sniff traffic so need the device itself to do it.Am I being simple, or is what you want just a bridge? I did this with a FreeBSD box, just bridged em0 to em1 and sniffed on the bridge device. No reason you shouldn't be able to do something similar with iptables, no? (Of course, I hate iptables, which is why it was a BSD box and not a Linux box, but I digress.) Mike _______________________________________________ Pauldotcom mailing list Pauldotcom at mail.pauldotcom.com http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom Main Web Site: http://pauldotcom.com_______________________________________________ Pauldotcom mailing list Pauldotcom at mail.pauldotcom.com http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom Main Web Site: http://pauldotcom.com_______________________________________________ Pauldotcom mailing list Pauldotcom at mail.pauldotcom.com http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom Main Web Site: http://pauldotcom.com
-------------- next part -------------- An HTML attachment was scrubbed... URL: http://mail.pauldotcom.com/pipermail/pauldotcom/attachments/20090106/22f0750c/attachment.htm
Current thread:
- cloning traffic with iptables Robin Wood (Jan 01)
- cloning traffic with iptables Don Berry (Jan 05)
- cloning traffic with iptables Robin Wood (Jan 06)
- cloning traffic with iptables Mike Patterson (Jan 06)
- cloning traffic with iptables Robin Wood (Jan 06)
- cloning traffic with iptables Sam Buhlig (Jan 06)
- cloning traffic with iptables Robin Wood (Jan 06)
- cloning traffic with iptables Sam Buhlig (Jan 06)
- cloning traffic with iptables Robin Wood (Jan 06)
- cloning traffic with iptables Don Berry (Jan 05)