This article provides the steps for configuring port mirroring, with the commands to use. Port mirroring sends a copy of each packet received on an interface to a destination, depending on the configuration.
We need both inbound and outbound traffic, so use the following commands:
iptables -t mangle -I PREROUTING -j TEE --gateway 10.20.0.129
"PREROUTING" applies before the routing decision is made.
iptables -t mangle -I POSTROUTING -j TEE --gateway 10.20.0.129
"POSTROUTING" applies after the routing decision is made.
After the rules are applied, ping the "Windows XP client" from "Ubuntu" while capturing with tcpdump:
tcpdump -i any -n
To view the iptables rules from the command line, use either of these commands:
iptables -t mangle -S
or
iptables -t mangle -L
To remove the rules for iptables, use the following commands.
iptables -t mangle -D PREROUTING -j TEE --gateway 10.20.0.129
iptables -t mangle -D POSTROUTING -j TEE --gateway 10.20.0.129
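To confirm that both mirror rules are in place, and that none remain after removal, the `iptables -t mangle -S` listing can be checked by script. The following is an added example, not part of the original article; the function names and the sample listings, including the 192.0.2.50 address, are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit an `iptables -t mangle -S` listing for TEE mirror rules.
# The listing is read from stdin, so it works on live or saved output:
#   iptables -t mangle -S | mirror_state 10.20.0.129

# Print "CHAIN GATEWAY" for every TEE rule found in the listing.
list_tee_rules() {
    awk '$1 == "-A" {
        tee = 0; gw = ""
        for (i = 3; i <= NF; i++) {
            if ($i == "-j" && $(i + 1) == "TEE") tee = 1
            if ($i == "--gateway") gw = $(i + 1)
        }
        if (tee) print $2, gw
    }'
}

# Print "both", "partial" or "none" depending on whether PREROUTING and
# POSTROUTING each carry a TEE rule pointing at the expected gateway ($1).
mirror_state() {
    found=$(list_tee_rules | awk -v gw="$1" '$2 == gw { print $1 }' | sort -u)
    pre=no; post=no
    for chain in $found; do
        case $chain in
            PREROUTING)  pre=yes ;;
            POSTROUTING) post=yes ;;
        esac
    done
    if [ "$pre" = yes ] && [ "$post" = yes ]; then echo both
    elif [ "$pre" = yes ] || [ "$post" = yes ]; then echo partial
    else echo none
    fi
}

# Print TEE rules that copy traffic to any gateway other than the expected one.
unexpected_mirrors() {
    list_tee_rules | awk -v gw="$1" '$2 != gw'
}

# Constructed sample listings (not captured from a real host).
SAMPLE_ACTIVE='-P PREROUTING ACCEPT
-P POSTROUTING ACCEPT
-A PREROUTING -j TEE --gateway 10.20.0.129
-A POSTROUTING -j TEE --gateway 10.20.0.129'
SAMPLE_PARTIAL='-P PREROUTING ACCEPT
-A PREROUTING -j TEE --gateway 10.20.0.129
-A POSTROUTING -j TEE --gateway 192.0.2.50'

printf '%s\n' "$SAMPLE_ACTIVE" | mirror_state 10.20.0.129
```

A result of "partial" means only one direction is being mirrored to the expected gateway, and any line printed by `unexpected_mirrors` is a rule copying traffic somewhere else.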