iptables_tee_port_mirror
Differences
This shows you the differences between two versions of the page.
| Both sides previous revisionPrevious revisionNext revision | Previous revision | ||
| iptables_tee_port_mirror [2017/12/31 08:52] – [Debian 9 (stretch) example] admin | iptables_tee_port_mirror [2021/10/09 15:14] (current) – external edit 127.0.0.1 | ||
|---|---|---|---|
| Line 3: | Line 3: | ||
| __From the manual:__ The TEE target will clone a packet and redirect this clone to another machine on the **local** network segment. In other words, the nexthop must be the target, or you will have to configure the nexthop to forward it further if so desired. | __From the manual:__ The TEE target will clone a packet and redirect this clone to another machine on the **local** network segment. In other words, the nexthop must be the target, or you will have to configure the nexthop to forward it further if so desired. | ||
| - | If you don't have a switch with mirror / span ports, you can use iptables to clone the packets to another machine on the same subnet. | + | If you don't have a switch with mirror / span ports, you can use iptables to clone the packets to another machine on the same subnet. That monitor box needs to be on the same layer 2 network, and it needs to be reachable by IP address. |
| ====Overview==== | ====Overview==== | ||
| Line 57: | Line 57: | ||
| 52M 81G TEE all -- br0 * | 52M 81G TEE all -- br0 * | ||
| </ | </ | ||
| - | * Now you can monitor the traffic on the monitorbox with tcpdump, suricata, SELKS, Security Onion, etc. | + | * Now you can monitor the traffic on the monitorbox with tcpdump, suricata, bro, SELKS, Security Onion, etc. |
| {{tag> | {{tag> | ||
iptables_tee_port_mirror.1514710367.txt.gz · Last modified: 2017/12/31 08:52 by admin