port mirroring possible ?
Hi all,
first post for 7 years ! I'm trying to get one of my routers to do port mirroring.
I have tried with my Belkin running DD-WRT v24micro using the guide here
http://webcache.googleusercontent.com/s ... en&ct=clnk
but I think the version of dd-wrt I have doesn't support the stuff mentioned there, so more internet nonsense - sigh.
I remember that my old Safecom GART2-4115 can run your RTech firmware, though, so I looked through your site for firewall guides/doco, but found none.
Is it iptables ?
If so, does it support this ( the TEE target with gateway option) ?
iptables -t mangle -A PREROUTING -j TEE --gateway 192.168.1.23
iptables -t mangle -A POSTROUTING -j TEE --gateway 192.168.1.23
do I need an
insmod ipt_ROUTE
before ?
- thechief
- RouterTech Team
- Posts: 12067
- Joined: Wed Feb 01, 2006 10:22 pm
- Location: England, the Centre of Africa
- Contact:
Re: port mirroring possible ?
I doubt that our iptables supports TEE and gateway - but you can always try.
The Chief: Be sure to read the Firmware FAQ and do a Forum Search before posting!
No support via PM. Ask all questions on the open forum.
Re: port mirroring possible ?
I should have read the history file more carefully
My GART2-4115 is a 2/8 model, so doesn't even have iptables !
Ah well.
See you in 2020 !
- thechief
- RouterTech Team
- Posts: 12067
- Joined: Wed Feb 01, 2006 10:22 pm
- Location: England, the Centre of Africa
- Contact:
Re: port mirroring possible ?
Hmmm ... all versions of our firmware have iptables.
The Chief: Be sure to read the Firmware FAQ and do a Forum Search before posting!
No support via PM. Ask all questions on the open forum.
Re: port mirroring possible ?
From the file history.html in the docs folder in the firmware zip
---
New features applicable only to wireless routers, or non-wireless routers with 4mb flash and 16mb RAM (e.g., ADSL2MUE)
1. Add support for TCPMSS in kernel and add iptables command, to overcome MTU issues with some websites. Unfortunately this eats some RAM, and so it has not been added to RAM-challenged routers (i.e., those with only 8mb RAM).
---
I read this as 'the iptables command has only been added to non-wireless routers with at least 4/16'
Is that incorrect ? Did you actually only mean that 'the 2/8 versions have the TCPMSS feature of iptables missing' ?
Do I have to read the source and the build rules to find out which features of iptables made it into which build ? I think the 'just try it' option is too expensive, as someone is actually still using the Safecom with its stock firmware !
Re: port mirroring possible ?
I've examined the source now.
The TEE target source should be in the src/iptables/extensions folder ; all the other targets are there as libipt_<TARGET_NAME>.c - it isn't.
TEE appears in 2.6.35 kernel or later and iptables v1.4.8 or later, so no chance here.
I thought I could do the same thing with the -j ROUTE target by seeing if its patchable --tee option was present in the patch-o-matic folder, but I can't find that either.
How do we, as home tinkerers, do LAN testing (e.g. with wireshark) _without_ port mirroring in our 4-port router switches ?
- thechief
- RouterTech Team
- Posts: 12067
- Joined: Wed Feb 01, 2006 10:22 pm
- Location: England, the Centre of Africa
- Contact:
Re: port mirroring possible ?
fastpath wrote:
How do we, as home tinkerers, do LAN testing (e.g. with wireshark) _without_ port mirroring in our 4-port router switches ?
Sorry, but I have no idea what you're talking about. I have run wireshark many times for all sorts of things, so I am not sure what the issue with port mirroring is (or even what it is).
The Chief: Be sure to read the Firmware FAQ and do a Forum Search before posting!
No support via PM. Ask all questions on the open forum.
Re: port mirroring possible ?
OK.
If I have a laptop running Wireshark on port 1 of a 4-port router switch, it won't see any of the traffic passing through ports 2,3 & 4 that isn't addressed to it ( which none of it will be), surely ? So how does it monitor anything ?
Port mirroring takes all packets passing through designated ports on a switch, clones them and routes the copies either to a specific port on the switch, or, in the case of iptables TEE target, sends them out of the port where its MAC table says the listening IP corresponding to the --gateway argument is.
Managed switches invariably have port mirroring configurable via their EWS.
I have been asked to diagnose high latencies in someone's small LAN. I wanted to use Wireshark to inspect for high retransmits and the like.
Anyway, I managed to squeeze OpenWrt 12.09 onto another router box I had. That has iptables 1.4.10 and kernel 3.3.8, so adding the TEE modules I needed with opkg was a piece of cake.
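The two practical questions in this thread are "does my build have the TEE target at all" (the version thresholds fastpath quotes: kernel 2.6.35+ and iptables 1.4.8+) and "what do the rules look like once it does" (the two rules in the first post). The script below is an added example, not code from the thread, from RouterTech or from OpenWrt. It compares version strings against those thresholds and prints TEE rules scoped to one LAN interface; the interface name br-lan and the sniffer address 192.168.1.23 are assumptions, and excluding the sniffer's own traffic with ! -s / ! -d is a choice made here, not something the thread specifies. One caveat worth knowing before relying on it for the latency diagnosis described above: TEE runs in the router's kernel, so it can only clone packets that actually traverse the kernel (LAN to WAN, WAN to LAN, or traffic to the router itself). Frames between two LAN ports on the built-in hardware switch are forwarded in silicon and never reach netfilter, so this is not a substitute for switch-level port mirroring of intra-LAN traffic.

```shell
#!/bin/sh
# Added example, not code from the thread or from RouterTech/OpenWrt.
#   tee_supported KERNEL IPTABLES   -> prints "yes" when the versions meet the
#                                      thresholds quoted in the thread
#                                      (kernel >= 2.6.35, iptables >= 1.4.8)
#   mirror_rules  LAN_IF SNIFFER_IP -> prints (does not apply) the TEE rules
# br-lan and 192.168.1.23 below are assumed values, not from the thread.

# version_ge A B: succeed when dotted version A >= B.  Compares the first four
# numeric fields; awk's string-to-number conversion keeps only the leading
# digits of a field, so "2.4.17_mvl21" compares as 2.4.17 and "5.15.0-generic"
# as 5.15.0.
version_ge() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        na = split(a, x, "."); nb = split(b, y, ".")
        for (i = 1; i <= 4; i++) {
            va = (i <= na) ? x[i] + 0 : 0
            vb = (i <= nb) ? y[i] + 0 : 0
            if (va > vb) exit 0
            if (va < vb) exit 1
        }
        exit 0
    }'
}

tee_supported() {
    if version_ge "$1" 2.6.35 && version_ge "$2" 1.4.8; then
        echo yes
    else
        echo no
    fi
}

# Emit the two rules.  PREROUTING matches on the arriving interface (-i),
# POSTROUTING on the leaving interface (-o); both exclude the sniffer's own
# packets so they are not cloned straight back at it.
mirror_rules() {
    lan=$1; sniffer=$2
    echo "iptables -t mangle -A PREROUTING -i $lan ! -s $sniffer -j TEE --gateway $sniffer"
    echo "iptables -t mangle -A POSTROUTING -o $lan ! -d $sniffer -j TEE --gateway $sniffer"
}

# Stand-alone use: report what this host could do.  Nothing is applied; on the
# router, confirm "iptables -j TEE --help" lists --gateway, then run the
# printed lines as root.
KERNEL=$(uname -r)
if command -v iptables >/dev/null 2>&1; then
    IPT_VER=$(iptables --version 2>/dev/null | sed 's/^iptables v//')
fi
echo "kernel $KERNEL, iptables ${IPT_VER:-not found}: TEE usable = $(tee_supported "$KERNEL" "${IPT_VER:-0}")"
mirror_rules br-lan 192.168.1.23
```

On the OpenWrt 12.09 box mentioned above (kernel 3.3.8, iptables 1.4.10) the check reports yes; on a 2.4-series RouterTech build it reports no, which matches what fastpath found in the source tree. The cloned packets keep their original IP headers, so a Wireshark capture on the sniffer host shows them exactly as the router saw them.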