[Pauldotcom] cloning traffic with iptables
Mike Patterson
mike.patterson at unb.ca
Tue Jan 6 14:06:57 UTC 2009
Robin Wood wrote on 1/6/09 4:23 AM:
> 2009/1/6 Don Berry <don_berry at comcast.net>:
>> Do it upstream on the network interfaces. Use the switch that the interface
>> is connected to and do port mirroring or cloning.
>
> I'm designing a device which can be dropped onto any point of a
> network to sniff traffic so need the device itself to do it.
Am I being simple, or is what you want just a bridge? I did this with a
FreeBSD box, just bridged em0 to em1 and sniffed on the bridge device.
No reason you shouldn't be able to do something similar with iptables,
no? (Of course, I hate iptables, which is why it was a BSD box and not
a Linux box, but I digress.)
Mike
More information about the Pauldotcom
mailing list