[Pauldotcom] cloning traffic with iptables
Sam Buhlig
sbuhlig at gmail.com
Tue Jan 6 18:48:53 UTC 2009
You can buy cards that will do it on wired. The one area I would be careful
about is if it has fail over or not. If it does not have fail over then you
could have a real problem if that machine lost power or needed maintenance,
considering it has to be hooked to the main line. Just something to
consider. Don't know how it would apply going wireless. Best of luck.
On Tue, Jan 6, 2009 at 12:54 PM, Robin Wood <dninja at gmail.com> wrote:
> 2009/1/6 Sam Buhlig <sbuhlig at gmail.com>:
> > One of the guys in my 2600 group has a nice little solution that I am
> going
> > to test at home. Here is a link to his presentation that he made.
> >
> > http://cinci2600.com/?fuseaction=download.go&id=29
> >
> > Shows how to make a passive ether tap.
>
> That is what I'm trying to do but I think the difficulty I'm having is
> spitting the data out through the wireless interface rather than
> wired. Something I noticed that someone else mentioned in passing was
> interface bonding, I haven't heard of that so I'll have to look into
> it, I just assumed they were talking about bridging last time.
>
> Robin
>
> >
> > Here is some other cool presentations that can be downloaded.
> >
> > http://cinci2600.com/?fuseaction=download.show
> >
> > SamIAm
> >
> > On Tue, Jan 6, 2009 at 9:06 AM, Mike Patterson <mike.patterson at unb.ca>
> > wrote:
> >>
> >> Robin Wood wrote on 1/6/09 4:23 AM:
> >> > 2009/1/6 Don Berry <don_berry at comcast.net>:
> >> >> Do it upstream on the network interfaces. Use the switch that the
> >> >> interface
> >> >> is connected to and do port mirroring or cloning.
> >> >
> >> > I'm designing a device which can be dropped onto any point of a
> >> > network to sniff traffic so need the device itself to do it.
> >>
> >> Am I being simple, or is what you want just a bridge? I did this with a
> >> FreeBSD box, just bridged em0 to em1 and sniffed on the bridge device.
> >> No reason you shouldn't be able to do something similar with iptables,
> >> no? (Of course, I hate iptables, which is why it was a BSD box and not
> >> a Linux box, but I digress.)
> >>
> >> Mike
> >> _______________________________________________
> >> Pauldotcom mailing list
> >> Pauldotcom at mail.pauldotcom.com
> >> http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
> >> Main Web Site: http://pauldotcom.com
> >
> >
> > _______________________________________________
> > Pauldotcom mailing list
> > Pauldotcom at mail.pauldotcom.com
> > http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
> > Main Web Site: http://pauldotcom.com
> >
> _______________________________________________
> Pauldotcom mailing list
> Pauldotcom at mail.pauldotcom.com
> http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
> Main Web Site: http://pauldotcom.com
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mail.pauldotcom.com/pipermail/pauldotcom/attachments/20090106/22f0750c/attachment.htm
More information about the Pauldotcom
mailing list