Monitor Mode? HUB-Behaviour? Something like that...

5 posts / 0 new
Last post
Tue, 03/03/2009 - 2:13am
#1
Goddchen
Goddchen's picture
Monitor Mode? HUB-Behaviour? Something like that...

Hi everyone :)

I need to attach a monitor device to my WGR614L. I'll run tcpdump there and need to monitor the traffic of another machine which is connected on one of the LAN ports.

Is there any way to achieve this?

Since it's a switch in the router and not a hub i won't receive any packets which are not addressed to my mac address.

Any ideas?

 

Goddchen

Top
Tue, 03/03/2009 - 1:29pm
Permalink
ciscostu
ciscostu's picture
The iptables ROUTE target

The iptables ROUTE target (experimental) offers an option to clone traffic- 

--tee             Route a copy of the packet, but continue traversing the rules with the original packet, undisturbed.

http://www.netfilter.org/projects/patch-o-matic/pom-external.html

Hope this helps,

Charlie

Top
Wed, 03/04/2009 - 3:30am
Permalink
Goddchen
Goddchen's picture
Hey, thx!

Hey, thx!
It's works perfectly :)
i did

iptables -A -t mangle -s -j ROUTE --gw --tee

great :)

Top
Thu, 03/12/2009 - 3:15am
Permalink
Goddchen
Goddchen's picture
btw: have a look here, i

btw: have a look here, i wrote a little blog post explaining my solution
http://blog.goddchen.de/2009/03/port-mirroring-span-port-monitor-port-wi...

Top
Fri, 03/13/2009 - 9:19am
Permalink
Goddchen
Goddchen's picture
Submitted the article, it's

Submitted the article, it's in moderation queue right now...

Top