What's new
By:

Port Mirror? IDS

shooter40sw

shooter40sw

Senior Member
Hi guys, is there a way to port mirror so I can sniff the the WAN traffic or us snort or suricata as IDS, I saw through a search on the web to use the iptables mangle, but it did not work for me, it did not send the packets to the virtual machine IP where I had snort on, I have not adventured with snort on the router because I have a mips router and dont think it can handle it.
Any other suggestion to have an IDS in the local network keeping things simple...
Thanks
 
This works for me.
Code: 
iptables -t mangle -A PREROUTING  -j ROUTE --tee --gw 192.168.1.55
iptables -t mangle -A POSTROUTING -j ROUTE --tee --gw 192.168.1.55

Where 192.168.1.55 is a PC running, in my case, Wireshark.
 
ColinTaylor said:
This works for me.
Code: 
iptables -t mangle -A PREROUTING  -j ROUTE --tee --gw 192.168.1.55
iptables -t mangle -A POSTROUTING -j ROUTE --tee --gw 192.168.1.55

Where 192.168.1.55 is a PC running, in my case, Wireshark.
Click to expand...
Thanks its working
 
You must log in or register to reply here.

Similar threads

M
Strange mirror network with hex ID name.
Replies
7
Views
707
ColinTaylor
C
maghuro
Suggestion: Allow selecting interface for NAT rules (Virtual Server / Port Forwarding)
Replies
2
Views
525
maghuro
maghuro
V
Network Optimization for PUBG Mobile / iPad Pro M4 / ASUS Merlin
Replies
0
Views
557
Vint87
V
garycnew
VPNDirector Source/Destination Port-Based Split-Tunneling Rules Not Possible?
Replies
6
Views
1K
garycnew
garycnew
M
Intermittent connectivity issues
Replies
4
Views
416
Tech9
Tech9
Similar threads
Thread starter Title Forum Replies Date
G Looking for help Trunking on WAN Port RT-AX86U 3004.388.11 Asuswrt-Merlin 10
S MerlinWRT port forward over VPN (VPN director connection) Asuswrt-Merlin 1
D 2.5G WAN port on GT-BE19000AI throttles uploads Asuswrt-Merlin 0
maghuro Suggestion: Allow selecting interface for NAT rules (Virtual Server / Port Forwarding) Asuswrt-Merlin 2
D AICloud content streaming port (default: 8082) Asuswrt-Merlin 1
A Ethernet Port Speed Unstable (drops down to 100) Asuswrt-Merlin 2
P [Security] SSH port opened to WAN even though "Enable SSH" is set to "LAN only" Asuswrt-Merlin 3
el_pedr0 Tutorial Automatically update qbittorrent connection port on ubuntu with ProtonVPN port forwarding via Wireguard on Merlin Asuswrt-Merlin 4
C Unknown service with TCP port open on the WAN interface of the router Asuswrt-Merlin 11
C How to set 10MB half duplex on a LAN port for RT-BE86U Asuswrt-Merlin 10

Similar threads

Latest threads

Support SNBForums w/ Amazon

If you'd like to support SNBForums, just use this link and buy anything on Amazon. Thanks!

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!

Members online

Total: 4,247 (members: 16, guests: 4,231)
Back
Top