This article provides the steps for configuring Port Mirroring with suitable commands. Port Mirroring is used to send a copy of packet to destination which was received on the interface depending on the configuration.

We need both inbound and outbound traffic, so using the commands,

iptables -t mangle -I PREROUTING -j TEE –gateway 10.20.0.129

“PREROUTING” is before routing decision happens

iptables -t mangle -I POSTROUTING -j TEE –gateway 10.20.0.129

“POSTROUTING” is after routing decision

After the rules are applied, ping “Windows XP client” from “Ubuntu” using tcpdump

tcpdump -i any -n

To view the iptables from command line, use the commands.

iptables -t mangle -S

or

iptables -t mangle -L

To remove the rules for iptables, use the following commands.

iptables -t mangle -D PREROUTING -j TEE –gateway 10.20.0.129

iptables -t mangle -D POSTROUTING -j TEE –gateway 10.20.0.129