[Pauldotcom] cloning traffic with iptables
Robin Wood
dninja at gmail.com
Tue Jan 6 09:23:01 UTC 2009
2009/1/6 Don Berry <don_berry at comcast.net>:
> Do it upstream on the network interfaces. Use the switch that the interface
> is connected to and do port mirroring or cloning.
I'm designing a device which can be dropped onto any point of a
network to sniff traffic so need the device itself to do it.
Robin
>
> -----Original Message-----
> From: pauldotcom-bounces at mail.pauldotcom.com
> [mailto:pauldotcom-bounces at mail.pauldotcom.com] On Behalf Of Robin Wood
> Sent: Thursday, January 01, 2009 3:12 PM
> To: PaulDotCom Security Weekly Mailing List
> Subject: Re: [Pauldotcom] cloning traffic with iptables
>
> 2008/12/30 Robin Wood <dninja at gmail.com>:
>> 2008/12/30 Nick Baronian <nbaronian at gmail.com>:
>>> I am pretty sure Daemonlogger is much more efficient and less buggy but
>>> there is a tee add-on available in the xtables add-on that will copy the
>>> traffic within iptables to another nic. I have not used this version but I
>>> got decent results from the old patch-o-matic iptables add-on.
>>> http://jengelh.medozas.de/projects/xtables/
>>> -Nick
>>
>> Both of those seem like they will do what I want, the only potential
>> problem is that this app has to run on a mips processor. Looks like
>> I'll have to brush up on my cross compiler skills.
>>
>> If anyone has any processor independent way of doing this feel free to
>> shout up.
>
> I'm having trouble getting either of these to build on the mips
> processor, can anyone suggest a way to do this without an addon?
>
> Robin
>
>
>>
>> Robin
>>
>>>
>>> On Mon, Dec 29, 2008 at 8:17 PM, <byte.bucket at 4a44.com> wrote:
>>>>
>>>> Have a look at Daemonlogger. I believe it will do exactly what you
>>>> want.
>>>> http://www.snort.org/users/roesch/Site/Daemonlogger/Daemonlogger.html
>>>>
>>>> --
>>>> byte_bucket
>>>>
>>>> > Hi
>>>> > Is there a way to use ip tables to copy all traffic on an interface to
>>>> > a second interface?
>>>> >
>>>> > The setup I have is I have a machine with two NICs, I want to copy all
>>>> > traffic to or from eth0 to eth1 so another machine connected to eth1
>>>> > can then use tcpdump to capture and monitor traffic.
>>>> >
>>>> > Robin
>>>> > _______________________________________________
>>>> > Pauldotcom mailing list
>>>> > Pauldotcom at mail.pauldotcom.com
>>>> > http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
>>>> > Main Web Site: http://pauldotcom.com
>>>> >
>>>>
>>>>
>>>
>>>
>>
>
>
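
The TEE approach Nick mentions in the quoted thread, written out as an added example (not code from the thread or from the xtables-addons project): rules that mirror both directions of eth0 to a capture host reached through eth1. It assumes a kernel and iptables build with the TEE target available; the address 192.0.2.2 and the helper names `run`, `valid_ipv4` and `tee_rules` are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. eth0 is the monitored interface as in
# the original question; 192.0.2.2 is a constructed placeholder for the
# capture host, which must be directly reachable out of eth1.

# Dry-run by default: print each command. Set APPLY=1 (as root) to execute.
run() {
    if [ "${APPLY:-0}" = 1 ]; then "$@"; else echo "$*"; fi
}

# Accept only dotted-quad IPv4 so a typo never reaches iptables.
valid_ipv4() {
    echo "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' || return 1
    old_ifs=$IFS; IFS=.
    for octet in $1; do
        [ "$octet" -le 255 ] || { IFS=$old_ifs; return 1; }
    done
    IFS=$old_ifs
}

# tee_rules ACTION IFACE COLLECTOR
#   ACTION is -A to add the mirror rules or -D to remove them again.
tee_rules() {
    action=$1 iface=$2 collector=$3
    case "$action" in -A|-D) ;; *) echo "action must be -A or -D" >&2; return 2 ;; esac
    case "$iface" in ''|*[!A-Za-z0-9._-]*) echo "bad interface: $iface" >&2; return 2 ;; esac
    valid_ipv4 "$collector" || { echo "bad collector: $collector" >&2; return 2; }

    # mangle/PREROUTING sees packets arriving on IFACE;
    # mangle/POSTROUTING sees packets about to leave through it.
    run iptables -t mangle "$action" PREROUTING -i "$iface" -j TEE --gateway "$collector"
    run iptables -t mangle "$action" POSTROUTING -o "$iface" -j TEE --gateway "$collector"
}

# TEE works at the IP layer: ARP and other non-IP frames are not copied, and
# the copies are sent to COLLECTOR as the next hop on the local segment.
tee_rules -A eth0 192.0.2.2
```

Running the same function with `-D` removes the two rules, which matters on a monitoring box where stale mirror rules would keep duplicating traffic after a capture session ends.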