====== Port Mirroring with iptables ======

This article provides the steps for configuring Port Mirroring with suitable commands. Port Mirroring is used to send a copy of packet to destination which was received on the interface depending on the configuration. 

===== 1. Commands to mirror =====

We need both inbound and outbound traffic, so using the commands,
<code>iptables -t mangle -I PREROUTING -j TEE –gateway 10.20.0.129</code>
**“PREROUTING”** is before routing decision happens
<code>iptables -t mangle -I POSTROUTING -j TEE –gateway 10.20.0.129</code>
**“POSTROUTING”** is after routing decision

===== 2. Ping Windows using tcpdump  =====
After the rules are applied, ping “Windows XP client” from “Ubuntu” using tcpdump

<code>tcpdump -i any -n</code>

===== 3. Viewing the iptables =====
To view the iptables from command line, use the commands.
<code>iptables -t mangle -S</code>
or
<code>iptables -t mangle -L</code>

===== 4. Removing the iptables =====
To remove the rules for iptables, use the following commands.
<code>iptables -t mangle -D PREROUTING -j TEE –gateway 10.20.0.129</code>
<code>iptables -t mangle -D POSTROUTING -j TEE –gateway 10.20.0.129</code>