Posted: Tue Nov 10, 2020 23:29 Post subject: port-mirroring for IDS
I would like to do port mirroring on my WAP. I have a Netgear router running the latest firmware version. I have done some research, and it looks like the only way to accomplish this is through iptables rules. But I am having trouble coming up with the right syntax.
0.10 is the host that is my IDS server. I would like it to ingest wireless and wired data. How can I get this to see all the packets going across my network?
This would only hit traffic that is going across the router (i.e. WAN to LAN and LAN to WAN). It might get WLAN to LAN and LAN to WLAN, but will not get the WLAN to WLAN traffic or LAN to LAN.
Joined: 18 Mar 2014 Posts: 12917 Location: Netherlands
Posted: Thu Nov 12, 2020 17:28 Post subject:
I doubt you can do it on a WAP; a WAP is nothing more than a switch with an AP.
To do port mirroring:
Install full iptables via Entware
To clone all incoming and outgoing traffic for PC 192.168.1.15 on your router (say, 192.168.1.1) and redirect it to a spying PC 192.168.1.100, use:
iptables -t mangle -A POSTROUTING -d 192.168.1.15 -j TEE --gateway 192.168.1.100
iptables -t mangle -A PREROUTING -s 192.168.1.15 -j TEE --gateway 192.168.1.100
_________________
Routers: Netgear R7000, R6400v1, R6400v2, EA6900 (XvortexCFE), E2000, E1200v1, WRT54GS v1.
Install guide R6400v2, R6700v3, XR300: https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=316399
Install guide R7800/XR500: https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=320614
Forum Guide Lines (important read): https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=324087
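The two TEE rules in the reply above are the whole technique; what a practitioner usually wants on top of them is a small script that validates the host address before it is word-split into a root command line, adds the rules idempotently (so rerunning a startup script does not stack duplicates), and can tear them down again. The script below is an added example written for this thread, not code from the reply or from the DD-WRT project. It assumes the full Entware iptables with the xt_TEE target is installed, that the IDS sensor is at 192.168.1.100 (overridable through the SENSOR_IP environment variable), and that the sensor is on a directly reachable subnet of the router.

```shell
#!/bin/sh
# Added example (not from the forum reply): idempotent xt_TEE port mirroring
# for one monitored host. Requires full iptables (Entware) with the TEE target.
# SENSOR_IP is the IDS host that receives the packet copies (assumed value).
SENSOR_IP="${SENSOR_IP:-192.168.1.100}"

# Accept only a well-formed dotted-quad IPv4 address. The address is later
# word-split into an iptables command line run as root, so reject anything
# that is not four decimal octets in the range 0-255.
is_ipv4() {
    addr="$1"
    case "$addr" in
        *[!0-9.]*|.*|*.|*..*|"") return 1 ;;
    esac
    old_ifs="$IFS"; IFS=.; set -- $addr; IFS="$old_ifs"
    [ "$#" -eq 4 ] || return 1
    for octet; do
        [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# Print the two mangle-table rule specs (chain plus match/target, without the
# -A/-C/-D action) that mirror traffic to and from host $1, one per line.
# POSTROUTING -d catches packets routed towards the host; PREROUTING -s
# catches packets the host sends, exactly as in the reply above.
tee_rule_specs() {
    printf '%s\n' \
        "POSTROUTING -d $1 -j TEE --gateway $SENSOR_IP" \
        "PREROUTING -s $1 -j TEE --gateway $SENSOR_IP"
}

# Add the mirroring rules for host $1, skipping any rule that already exists
# (iptables -C exits 0 when an identical rule is present in the chain).
apply_mirror() {
    tee_rule_specs "$1" | while read -r spec; do
        # shellcheck disable=SC2086  # intentional word-splitting of the spec
        if iptables -t mangle -C $spec 2>/dev/null; then
            echo "exists: $spec"
        else
            iptables -t mangle -A $spec && echo "added:  $spec"
        fi
    done
}

# Remove the mirroring rules for host $1 (ignore rules that are not present).
remove_mirror() {
    tee_rule_specs "$1" | while read -r spec; do
        # shellcheck disable=SC2086
        iptables -t mangle -D $spec 2>/dev/null && echo "removed: $spec"
    done
}

# Command dispatch: apply|remove|show <host-ip>. With no arguments the file
# only defines the functions, so it can also be sourced from a startup script.
case "${1:-}" in
    "") ;;
    apply|remove|show)
        is_ipv4 "$2" || { echo "invalid IPv4 address: '$2'" >&2; exit 2; }
        case "$1" in
            apply)  apply_mirror "$2" ;;
            remove) remove_mirror "$2" ;;
            show)   tee_rule_specs "$2" ;;
        esac ;;
    *) echo "usage: $0 apply|remove|show <host-ip>" >&2; exit 2 ;;
esac
```

Run it as `sh mirror.sh apply 192.168.1.15` on the router and confirm the copies arrive with `tcpdump -ni <iface> host 192.168.1.15` on the sensor. Two caveats match the observation earlier in the thread: TEE only clones packets that pass through the router's netfilter hooks, so frames switched between ports of the same bridge (LAN to WLAN on br0, or LAN to LAN) are not copied unless bridge netfilter is turned on (`/proc/sys/net/bridge/bridge-nf-call-iptables`), and the mirrored copies are injected onto the LAN as normal IP packets addressed to the sensor, so the sensor should be on a directly reachable network and expect roughly double the monitored host's bandwidth.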