Port Mirroring with iptables

This article gives the steps and commands for configuring port mirroring with iptables. Port mirroring sends a copy of each packet received on an interface to another destination, depending on the configuration.

1. Commands to mirror

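We need both inbound and outbound traffic, so use the following commands. The TEE target's --gateway option takes the IP address of the host that receives the copies; <monitor-IP> is a placeholder for that address.

iptables -t mangle -I PREROUTING -j TEE --gateway <monitor-IP>

“PREROUTING” applies before the routing decision is made.

iptables -t mangle -I POSTROUTING -j TEE --gateway <monitor-IP>

“POSTROUTING” applies after the routing decision.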

2. Ping Windows and capture with tcpdump

After the rules are applied, ping the “Windows XP client” from “Ubuntu” and capture the traffic with tcpdump:

tcpdump -i any -n

3. Viewing the iptables

To view the iptables rules from the command line, use the following commands.

iptables -t mangle -S


iptables -t mangle -L

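4. Removing the iptables rules

To remove the mirroring rules, use the following commands. <monitor-IP> is a placeholder for the gateway address given when the rules were added; the rule specification must match the one that was inserted.

iptables -t mangle -D PREROUTING -j TEE --gateway <monitor-IP>
iptables -t mangle -D POSTROUTING -j TEE --gateway <monitor-IP>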
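
A mirror rule left in place keeps copying traffic to the gateway host, so it is worth checking for leftovers. The script below is an added example, not part of the original article: it reads the `iptables -t mangle -S` output from step 3, lists every TEE rule with its chain and gateway, and prints the matching `-D` command from step 4. The function names and the sample rule listing are constructed for illustration, and 192.0.2.10 is a documentation address standing in for the monitoring host.

```sh
#!/bin/sh
# Added example: audit the mangle table for TEE mirror rules.
# Both functions read `iptables -t mangle -S` output on stdin.

# Constructed sample of `iptables -t mangle -S` output (assumption:
# 192.0.2.10 stands in for the host that receives the mirrored packets).
SAMPLE_RULES='-P PREROUTING ACCEPT
-P INPUT ACCEPT
-P FORWARD ACCEPT
-P OUTPUT ACCEPT
-P POSTROUTING ACCEPT
-A PREROUTING -j TEE --gateway 192.0.2.10
-A POSTROUTING -p tcp -j MARK --set-xmark 0x1/0xffffffff
-A POSTROUTING -j TEE --gateway 192.0.2.10'

# Print "chain gateway" for every appended rule that jumps to TEE.
list_tee_rules() {
    awk '$1 == "-A" {
        tee = 0; gw = "?"
        for (i = 3; i <= NF; i++) {
            if ($i == "-j" && $(i + 1) == "TEE") tee = 1
            if ($i == "--gateway") gw = $(i + 1)
        }
        if (tee) print $2, gw
    }'
}

# Turn each TEE rule into the delete command that removes exactly it.
tee_delete_cmds() {
    awk '$1 == "-A" {
        for (i = 3; i < NF; i++)
            if ($i == "-j" && $(i + 1) == "TEE") {
                sub(/^-A /, "-D ")
                print "iptables -t mangle " $0
                next
            }
    }'
}

# Live use (root required): iptables -t mangle -S | list_tee_rules
if [ "${1:-}" = "--demo" ]; then
    printf '%s\n' "$SAMPLE_RULES" | list_tee_rules
    printf '%s\n' "$SAMPLE_RULES" | tee_delete_cmds
fi
```

Review the printed delete commands before running them; the MARK rule in the sample is left untouched because only rules that jump to TEE are selected.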
