Port Mirroring with iptables
This article provides the steps for configuring port mirroring with iptables, along with the commands to use. Port mirroring sends a copy of each packet received on an interface to a destination, depending on the configuration.
1. Commands to mirror
To mirror both inbound and outbound traffic, add a TEE rule to each of the following chains:
iptables -t mangle -I PREROUTING -j TEE --gateway 10.20.0.129
“PREROUTING” is traversed before the routing decision is made.
iptables -t mangle -I POSTROUTING -j TEE --gateway 10.20.0.129
“POSTROUTING” is traversed after the routing decision is made.
2. Ping Windows using tcpdump
After the rules are applied, ping the “Windows XP client” from “Ubuntu” and capture the traffic with tcpdump:
tcpdump -i any -n
3. Viewing the iptables
To view the iptables rules in the mangle table from the command line, use the following commands.
iptables -t mangle -S
iptables -t mangle -L
4. Removing the iptables
To remove the mirroring rules from iptables, use the following commands.
iptables -t mangle -D PREROUTING -j TEE --gateway 10.20.0.129
iptables -t mangle -D POSTROUTING -j TEE --gateway 10.20.0.129
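The following script is an added example, not part of the original article. It ties steps 3 and 4 together by reading the text printed by `iptables -t mangle -S`, listing every TEE rule, flagging mirrors that point at an unexpected gateway, and generating the matching delete commands. The function names, the sample listing and the address 10.20.0.77 are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit a mangle-table listing for TEE (mirror) rules.
# Input is the text printed by `iptables -t mangle -S` (rules appear as -A lines).

# Constructed sample: the two rules from this article plus one extra mirror.
SAMPLE='-P PREROUTING ACCEPT
-P INPUT ACCEPT
-P FORWARD ACCEPT
-P OUTPUT ACCEPT
-P POSTROUTING ACCEPT
-A PREROUTING -j TEE --gateway 10.20.0.129
-A POSTROUTING -j TEE --gateway 10.20.0.129
-A POSTROUTING -p tcp -m tcp --dport 443 -j TEE --gateway 10.20.0.77'

# Print "CHAIN GATEWAY" for every rule whose target is TEE.
list_mirrors() {
    awk '$1 == "-A" {
        tee = 0; gw = ""
        for (i = 3; i <= NF; i++) {
            if ($i == "-j" && $(i + 1) == "TEE") tee = 1
            if ($i == "--gateway") gw = $(i + 1)
        }
        if (tee) print $2, gw
    }'
}

# Print the TEE rules whose gateway differs from the expected collector ($1).
unexpected_mirrors() {
    list_mirrors | awk -v want="$1" '$2 != want'
}

# Turn each TEE rule into its delete command (-A becomes -D), for review.
removal_commands() {
    awk '$1 == "-A" {
        for (i = 3; i < NF; i++)
            if ($i == "-j" && $(i + 1) == "TEE") {
                sub(/^-A /, "-D ")
                print "iptables -t mangle " $0
                next
            }
    }'
}

# Demo on the constructed sample; on a live host pipe in `iptables -t mangle -S`.
printf '%s\n' "$SAMPLE" | list_mirrors
printf '%s\n' "$SAMPLE" | unexpected_mirrors 10.20.0.129
printf '%s\n' "$SAMPLE" | removal_commands
```

The script only prints the delete commands; review them before running any of them as root.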