Trisul Network Analytics
Developer Zone

User Tools

Site Tools

You are here: Home » tips » Port Mirroring with iptables
Trace:
tips:port_mirror_commands

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

tips:port_mirror_commands [2020/10/14 15:30] – created navaneethtips:port_mirror_commands [2020/10/14 15:47] (current) navaneeth
Line 7: Line 7:
 We need both inbound and outbound traffic, so using the commands, We need both inbound and outbound traffic, so using the commands,
 <code>iptables -t mangle -I PREROUTING -j TEE –gateway 10.20.0.129</code> <code>iptables -t mangle -I PREROUTING -j TEE –gateway 10.20.0.129</code>
-“PREROUTING” is before routing decision happens+**“PREROUTING”** is before routing decision happens
 <code>iptables -t mangle -I POSTROUTING -j TEE –gateway 10.20.0.129</code> <code>iptables -t mangle -I POSTROUTING -j TEE –gateway 10.20.0.129</code>
-“POSTROUTING” is after routing decision+**“POSTROUTING”** is after routing decision 
 + 
 +===== 2. Ping Windows using tcpdump  ===== 
 +After the rules are applied, ping “Windows XP client” from “Ubuntu” using tcpdump 
 + 
 +<code>tcpdump -i any -n</code> 
 + 
 +===== 3. Viewing the iptables ===== 
 +To view the iptables from command line, use the commands. 
 +<code>iptables -t mangle -S</code> 
 +or 
 +<code>iptables -t mangle -L</code> 
 + 
 +===== 4. Removing the iptables ===== 
 +To remove the rules for iptables, use the following commands. 
 +<code>iptables -t mangle -D PREROUTING -j TEE –gateway 10.20.0.129</code> 
 +<code>iptables -t mangle -D POSTROUTING -j TEE –gateway 10.20.0.129</code> 
 + 
 + 
 + 
 + 
tips/port_mirror_commands.txt · Last modified: 2020/10/14 15:47 by navaneeth