Ben's notes

Linux, Unix, network, radio...

User Tools

Site Tools


iptables_tee_port_mirror

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revision Previous revision
Next revision
Previous revision
Last revision Both sides next revision
iptables_tee_port_mirror [2017/12/31 09:52]
admin [Debian 9 (stretch) example]
iptables_tee_port_mirror [2017/12/31 10:16]
admin [PCEngines APU2 - iptables tee / clone packets]
Line 3: Line 3:
 __From the manual:__ The TEE target will clone a packet and redirect this clone to another machine on the **local** network segment. In other words, the nexthop must be the target, or you will have to configure the nexthop to forward it further if so desired. __From the manual:__ The TEE target will clone a packet and redirect this clone to another machine on the **local** network segment. In other words, the nexthop must be the target, or you will have to configure the nexthop to forward it further if so desired.
  
-If you don't have a switch with mirror / span ports, you can use iptables to clone the packets to another machine on the same subnet.+If you don't have a switch with mirror / span ports, you can use iptables to clone the packets to another machine on the same subnet. That monitor box needs to be on the layer 3 network, it needs to be reachable by IP address.
  
 ====Overview==== ====Overview====
Line 57: Line 57:
   52M   81G TEE        all  --  br0    *       0.0.0.0/           0.0.0.0/           TEE gw:10.1.1.6   52M   81G TEE        all  --  br0    *       0.0.0.0/           0.0.0.0/           TEE gw:10.1.1.6
 </code> </code>
-  * Now you can monitor the traffic on the monitorbox with tcpdump, suricata, SELKS, Security Onion, etc. +  * Now you can monitor the traffic on the monitorbox with tcpdump, suricata, bro, SELKS, Security Onion, etc. 
 {{tag>[iptables tee port mirror clone]}} {{tag>[iptables tee port mirror clone]}}
  
iptables_tee_port_mirror.txt ยท Last modified: 2017/12/31 10:17 by admin