Port mirroring?

Leaf131
DD-WRT Novice


Joined: 04 Dec 2015
Posts: 1

Posted: Fri Dec 04, 2015 11:34
Hi, I am trying to implement port mirroring on a Linksys WRT54GL router with firmware DD-WRT v24-sp2 (07/22/09) std.

I ran the following commands:
iptables -t mangle -A POSTROUTING -d 192.168.10.105 -j ROUTE --tee --gw 192.168.10.128
iptables -t mangle -A PREROUTING -s 192.168.10.105 -j ROUTE --tee --gw 192.168.10.128

where 105 is the IP I want to monitor on 128.

When I check the IP table, the output is as follows:
Chain PREROUTING (policy ACCEPT)
target prot opt source destination
ROUTE 0 -- 192.168.10.105 anywhere ROUTE gw:192.168.10.128 tee
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain FORWARD (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
Chain POSTROUTING (policy ACCEPT)
target prot opt source destination
ROUTE 0 -- anywhere 192.168.10.105 ROUTE gw:192.168.10.128 tee


It seems that the commands worked, but when I run Wireshark on my PC (Win 7) connected via 192.168.10.128 I don't see any packets from or for 192.168.10.105. I need to sniff the TCP packets I send from 192.168.10.105 to 192.168.10.51 to confirm they are not broken and are forwarded correctly.
I have disabled the WAN because I am using the router only as a switch. Have I forgotten something? Does anyone have an idea what my problem could be?

PS: I have connected all devices to the switch ports and nothing to the WAN port.
LOM
DD-WRT Guru


Joined: 28 Dec 2008
Posts: 7632

Posted: Fri Dec 04, 2015 12:08
Leaf131 wrote:

I have disabled the WAN because I am using the router only as a switch. Have I forgotten something? Does anyone have an idea what my problem could be?

PS: I have connected all devices to the switch ports and nothing to the WAN port.


There is no firewalling or software routing between the 4 LAN ports; they are bridged together in the switch.
The firewall sits between the WAN and the LAN bridge.

_________________
Kernel panic: Aiee, killing interrupt handler!
k0ral78
DD-WRT Novice


Joined: 15 Feb 2016
Posts: 39

Posted: Mon Mar 07, 2016 10:41
phuzi0n wrote:
Different builds have different iptables modules, and it appears that your build is missing the ROUTE target module. Try a recent build for your model and see if it has been included; if not, ask for it on trac.


Hi phuzi0n,
how can I tell whether a module is present in the build I flashed?
Is there a command I can type at the command line?

It looks like iptables doesn't give you any error message, whatever rule you type.
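An added example, not code from this thread or from the DD-WRT project, that answers the question above with two checks a practitioner can run from the router's shell: whether a mirroring target module (the out-of-tree ipt_ROUTE used throughout this thread, or the mainline xt_TEE target that offers the same copy-to-gateway behaviour) is loaded or at least present under /lib/modules, and whether both tee rules really landed in the mangle table, by parsing the output of "iptables -t mangle -L -n". The sample listing and module list embedded in the script are constructed to match the output posted earlier in this thread; the script name mirror_check.sh, the --live mode and the module paths are assumptions. Read a "mirrored" result together with LOM's point above: these rules only copy packets that pass through the router's IP layer, so frames switched between LAN ports never reach them.

```shell
#!/bin/sh
# mirror_check.sh (added example, not from the thread): verify an iptables
# ROUTE/TEE port-mirroring setup on a DD-WRT router.
# Assumptions: BusyBox/POSIX sh with awk, grep and find; kernel modules live
# under /lib/modules/$(uname -r); /proc/modules is readable.

MIRROR_TARGETS="ipt_ROUTE xt_ROUTE xt_TEE"   # ROUTE is out-of-tree, TEE is mainline

# Report whether a mirroring target module is loaded or at least available.
#   $1 = contents of /proc/modules (or lsmod output), $2 = module directory
# Prints loaded:<mod>, available:<mod> or missing; exit status 1 when missing.
mirror_module_status() {
    loaded="$1"; moddir="$2"
    for m in $MIRROR_TARGETS; do
        if printf '%s\n' "$loaded" | grep -q "^$m "; then
            echo "loaded:$m"; return 0
        fi
    done
    for m in $MIRROR_TARGETS; do
        # plain and gzipped module files both match "<name>.ko*"
        if find "$moddir" -name "$m.ko*" 2>/dev/null | grep -q .; then
            echo "available:$m"; return 0
        fi
    done
    echo "missing"; return 1
}

# Check that both tee rules for one monitored host exist in the mangle table.
#   $1 = output of `iptables -t mangle -L -n`, $2 = monitored IP, $3 = mirror IP
# Needs the PREROUTING rule matching the host as source and the POSTROUTING
# rule matching it as destination, both pointing at the mirror gateway.
mirror_rules_present() {
    listing="$1"; host="$2"; gw="$3"
    printf '%s\n' "$listing" | awk -v host="$host" -v gw="$gw" '
        /^Chain / { chain = $2; next }          # remember which chain we are in
        ($1 == "ROUTE" || $1 == "TEE") && index($0, "gw:" gw) {
            # -L columns: target prot opt source destination [target options]
            if (chain == "PREROUTING"  && $4 == host) pre = 1
            if (chain == "POSTROUTING" && $5 == host) post = 1
        }
        END {
            if (pre && post) { print "mirrored:" host "->" gw; exit 0 }
            print "incomplete: prerouting=" (pre+0) " postrouting=" (post+0)
            exit 1
        }'
}

# Constructed sample data, shaped like the listing posted earlier in this thread.
SAMPLE_LISTING='Chain PREROUTING (policy ACCEPT)
target     prot opt source               destination
ROUTE      0    --  192.168.10.105       0.0.0.0/0            ROUTE gw:192.168.10.128 tee
Chain INPUT (policy ACCEPT)
target     prot opt source               destination
Chain FORWARD (policy ACCEPT)
target     prot opt source               destination
Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
Chain POSTROUTING (policy ACCEPT)
target     prot opt source               destination
ROUTE      0    --  0.0.0.0/0            192.168.10.105       ROUTE gw:192.168.10.128 tee'
SAMPLE_MODULES='ipt_ROUTE 2512 2 - Live 0xbf0a3000
nf_conntrack 61440 3 - Live 0xbf080000'

# Live mode on the router: sh mirror_check.sh --live 192.168.10.105 192.168.10.128
if [ "${1:-}" = "--live" ] && [ $# -eq 3 ]; then
    mirror_module_status "$(cat /proc/modules)" "/lib/modules/$(uname -r)"
    mirror_rules_present "$(iptables -t mangle -L -n)" "$2" "$3"
else
    # Without --live, run the checks against the constructed sample data.
    mirror_module_status "$SAMPLE_MODULES" /nonexistent-moddir
    mirror_rules_present "$SAMPLE_LISTING" 192.168.10.105 192.168.10.128
fi
```

Both functions take their input as arguments rather than calling iptables or reading /proc directly, so the same parsing can be run on a captured listing off the router. A "missing" result from the module check is the thread's symptom: iptables silently accepts a rule whose target it cannot load, and the rule simply never appears in the table.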
johndoe123
DD-WRT Novice


Joined: 01 Jun 2016
Posts: 1

Posted: Wed Jun 01, 2016 5:16
Hi, I have the same problem. I updated my Buffalo WXR-1900DHP to the latest version (ftp://ftp.dd-wrt.com/betas/2016/05-19-2016-r29739/), but -j ROUTE seems not to work.

I want to monitor traffic between two devices connected to the router's switch. Are there other solutions to achieve that?

#firstpost

Leaf131 wrote:
Hi, I am trying to implement port mirroring on a Linksys WRT54GL router with firmware DD-WRT v24-sp2 (07/22/09) std.

I ran the following commands:
iptables -t mangle -A POSTROUTING -d 192.168.10.105 -j ROUTE --tee --gw 192.168.10.128
iptables -t mangle -A PREROUTING -s 192.168.10.105 -j ROUTE --tee --gw 192.168.10.128

where 105 is the IP I want to monitor on 128.

When I check the IP table, the output is as follows:
Chain PREROUTING (policy ACCEPT)
target prot opt source destination
ROUTE 0 -- 192.168.10.105 anywhere ROUTE gw:192.168.10.128 tee
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain FORWARD (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
Chain POSTROUTING (policy ACCEPT)
target prot opt source destination
ROUTE 0 -- anywhere 192.168.10.105 ROUTE gw:192.168.10.128 tee


It seems that the commands worked, but when I run Wireshark on my PC (Win 7) connected via 192.168.10.128 I don't see any packets from or for 192.168.10.105. I need to sniff the TCP packets I send from 192.168.10.105 to 192.168.10.51 to confirm they are not broken and are forwarded correctly.
I have disabled the WAN because I am using the router only as a switch. Have I forgotten something? Does anyone have an idea what my problem could be?

PS: I have connected all devices to the switch ports and nothing to the WAN port.
marcolino7
DD-WRT Novice


Joined: 16 Jan 2008
Posts: 33

Posted: Sun Nov 27, 2016 1:30
Hi,
I have the i386 version of DD-WRT:
Code:
DD-WRT v3.0-r28788 std (c) 2016 NewMedia-NET GmbH
Release: 01/13/16


I run these commands to redirect Amazon Dash packets to my PC:

Code:
iptables -t mangle -A POSTROUTING -d 192.168.1.208 -j ROUTE --tee --gw 192.168.1.187
iptables -t mangle -A PREROUTING -s 192.168.1.208 -j ROUTE --tee --gw 192.168.1.187


but when I run the check command, the rules are not present. Is there a way to do this on my version of DD-WRT?

Thanks
KittyChampion
DD-WRT Novice


Joined: 19 Sep 2017
Posts: 23

Posted: Wed Nov 08, 2017 19:02
Does Kong (latest stable) build support ROUTE target module?

I am trying to do the same thing here, and the mangle rule is not being added.
KittyChampion
DD-WRT Novice


Joined: 19 Sep 2017
Posts: 23

Posted: Wed Nov 08, 2017 23:15
Thanks for your reply, doug.

I am trying to see live traffic of Android phone on Wireshark.
uragan1987
DD-WRT Novice


Joined: 02 Oct 2015
Posts: 21

Posted: Tue Nov 21, 2017 14:49
Trying to set up my Linksys WRT1900ACSv2,
so far without success.

I want to clone whole connection to 192.168.1.22

I tried this (only from 192.168.1.21 to 192.168.1.22):
iptables -t mangle -A PREROUTING -d 192.168.1.21 -j ROUTE --tee --gw 192.168.1.22
iptables -t mangle -A PREROUTING -s 192.168.1.21 -j ROUTE --tee --gw 192.168.1.22

and this:
iptables -A PREROUTING -t mangle -s 192.168.0.0/24 -j ROUTE --gw 192.168.1.22 --tee
iptables -A POSTROUTING -t mangle -s 192.168.0.0/24 -j ROUTE --gw 192.168.1.22 --tee

both without success

I just entered these commands over telnet; maybe I have forgotten something?

my Firmware: DD-WRT v3.0-r33772 std (11/16/17)

QoS=off < should this be on?
Firewall=on
chuckugly
DD-WRT Novice


Joined: 24 Jun 2016
Posts: 2

Posted: Mon May 21, 2018 5:48
d0ug wrote:
After reading through this thread, I am pretty sure these iptables commands to attempt port mirroring are not going to capture all of your LAN traffic, so it all depends on what you are attempting to do.

If you have 3 PCs (let's say the monitoring PC is on port 1) plugged into the 3 LAN ports and attempt to monitor the traffic with iptables, you will probably only see the traffic with a destination out to or a source from the internet. Basically, stuff that flows through the routing function of the router.


I think that would be fine for me, I'm looking to pipe traffic out to an IDS sniffer so I'm less interested in what some people call "east-west" traffic (horizontally on the LAN) than "north-south" traffic.

What *I* want is to have all WAN traffic duplicated and sent to the IDS.

Is my thinking correct here?