iptables_tee_port_mirror
Differences
This shows you the differences between two versions of the page.
| Both sides previous revisionPrevious revisionNext revision | Previous revisionNext revisionBoth sides next revision | ||
| iptables_tee_port_mirror [2017/12/31 08:52] – [Debian 9 (stretch) example] admin | iptables_tee_port_mirror [2017/12/31 09:16] – [PCEngines APU2 - iptables tee / clone packets] admin | ||
|---|---|---|---|
| Line 3: | Line 3: | ||
| __From the manual:__ The TEE target will clone a packet and redirect this clone to another machine on the **local** network segment. In other words, the nexthop must be the target, or you will have to configure the nexthop to forward it further if so desired. | __From the manual:__ The TEE target will clone a packet and redirect this clone to another machine on the **local** network segment. In other words, the nexthop must be the target, or you will have to configure the nexthop to forward it further if so desired. | ||
| - | If you don't have a switch with mirror / span ports, you can use iptables to clone the packets to another machine on the same subnet. | + | If you don't have a switch with mirror / span ports, you can use iptables to clone the packets to another machine on the same subnet. That monitor box needs to be on the layer 3 network, it needs to be reachable by IP address. |
| ====Overview==== | ====Overview==== | ||
| Line 57: | Line 57: | ||
| 52M 81G TEE all -- br0 * | 52M 81G TEE all -- br0 * | ||
| </ | </ | ||
| - | * Now you can monitor the traffic on the monitorbox with tcpdump, SELKS, Security Onion, etc. | + | * Now you can monitor the traffic on the monitorbox with tcpdump, suricata, bro, SELKS, Security Onion, etc. |
| {{tag> | {{tag> | ||
iptables_tee_port_mirror.txt · Last modified: 2021/10/09 15:14 by 127.0.0.1