Port Mirror? IDS

shooter40sw

Senior Member
Hi guys, is there a way to port mirror so I can sniff the WAN traffic or use Snort or Suricata as IDS? I saw through a search on the web to use the iptables mangle, but it did not work for me; it did not send the packets to the virtual machine IP where I had Snort on. I have not adventured with Snort on the router because I have a MIPS router and don't think it can handle it.
Any other suggestion to have an IDS in the local network keeping things simple...
Thanks
 
This works for me.
Code:
iptables -t mangle -A PREROUTING  -j ROUTE --tee --gw 192.168.1.55
iptables -t mangle -A POSTROUTING -j ROUTE --tee --gw 192.168.1.55

Where 192.168.1.55 is a PC running, in my case, Wireshark.
 
Thanks, it's working
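
A check for the sensor side of the setup above, added here as an example and not part of the original posts: a copy duplicated with `--tee --gw` keeps its original IP header and is addressed to the sensor only at the Ethernet layer, so the script counts frames that arrive at the sensor's MAC while neither IP address is the sensor's. The sensor MAC, the client and internet addresses, and the sample frames are constructed for illustration.

```python
import ipaddress
import struct

SENSOR_IP = "192.168.1.55"        # sensor address used in the thread
SENSOR_MAC = "02:00:00:00:00:55"  # constructed MAC (assumption)

def parse_frame(frame: bytes):
    """Return (dst_mac, src_ip, dst_ip) for an IPv4-over-Ethernet frame, else None."""
    if len(frame) < 34:           # 14-byte Ethernet header + 20-byte IPv4 header
        return None
    (ethertype,) = struct.unpack("!H", frame[12:14])
    if ethertype != 0x0800 or frame[14] >> 4 != 4:
        return None
    dst_mac = ":".join(f"{b:02x}" for b in frame[0:6])
    src_ip = str(ipaddress.IPv4Address(frame[26:30]))
    dst_ip = str(ipaddress.IPv4Address(frame[30:34]))
    return dst_mac, src_ip, dst_ip

def classify(frame, sensor_ip=SENSOR_IP, sensor_mac=SENSOR_MAC):
    """'mirrored' = delivered to the sensor's MAC but not to or from its IP."""
    parsed = parse_frame(frame)
    if parsed is None:
        return "other"
    dst_mac, src_ip, dst_ip = parsed
    if sensor_ip in (src_ip, dst_ip):
        return "own"
    return "mirrored" if dst_mac == sensor_mac.lower() else "other"

def build_frame(dst_mac, src_ip, dst_ip):
    """Constructed frame: Ethernet header plus a bare IPv4 header, no payload."""
    eth = bytes.fromhex(dst_mac.replace(":", "")) + bytes.fromhex("020000000001") + b"\x08\x00"
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20, 0, 0, 64, 6, 0,
                     ipaddress.IPv4Address(src_ip).packed,
                     ipaddress.IPv4Address(dst_ip).packed)
    return eth + ip

def summarize(frames):
    counts = {"mirrored": 0, "own": 0, "other": 0}
    for frame in frames:
        counts[classify(frame)] += 1
    return counts

SAMPLE = [  # constructed frames as the sensor's NIC would receive them
    build_frame(SENSOR_MAC, "192.168.1.20", "203.0.113.10"),            # teed outbound copy
    build_frame(SENSOR_MAC, "203.0.113.10", "192.168.1.20"),            # teed inbound copy
    build_frame(SENSOR_MAC, "192.168.1.20", "192.168.1.55"),            # real traffic to the sensor
    build_frame("ff:ff:ff:ff:ff:ff", "192.168.1.20", "192.168.1.255"),  # LAN broadcast
]

if __name__ == "__main__":
    print(summarize(SAMPLE))
```

A capture filter such as `host 192.168.1.55` on the sensor would hide every mirrored packet for the same reason, so capture unfiltered or filter on the monitored hosts instead.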
 
