Comments on: Howto: Copy/Tee/Clone network traffic using iptables http://www.bjou.de/blog/2008/05/howto-copyteeclone-network-traffic-using-iptables/ Whose Blog? Bjou's Blog! Fri, 03 Sep 2010 14:44:48 +0000 http://wordpress.org/?v=2.9.2 hourly 1 By: diesel engines for sale http://www.bjou.de/blog/2008/05/howto-copyteeclone-network-traffic-using-iptables/comment-page-1/#comment-132020 diesel engines for sale Fri, 03 Sep 2010 14:44:48 +0000 http://www.bjou.de/blog/?p=228#comment-132020 Hello , I just stopped in to visit your website and thought I'd say thanks for having me . Hello , I just stopped in to visit your website and thought I’d say thanks for having me .

]]> By: Randolph Lawhon http://www.bjou.de/blog/2008/05/howto-copyteeclone-network-traffic-using-iptables/comment-page-1/#comment-131319 Randolph Lawhon Fri, 27 Aug 2010 15:00:10 +0000 http://www.bjou.de/blog/?p=228#comment-131319 Hello... It depends on your work's VPN policies... I would say yes they look at cached browsing... I would definitely clear your cookies before going on your work's VPN Hello… It depends on your work’s VPN policies… I would say yes they look at cached browsing… I would definitely clear your cookies before going on your work’s VPN

]]> By: andre's chaos » linux network traffic clone http://www.bjou.de/blog/2008/05/howto-copyteeclone-network-traffic-using-iptables/comment-page-1/#comment-129104 andre's chaos » linux network traffic clone Wed, 07 Jul 2010 09:42:39 +0000 http://www.bjou.de/blog/?p=228#comment-129104 [...] xtables tee 对于udp无连接状态的没问题 对于tcp就不行了 得用libpcap+raw socket自己些程序了 Categories: Uncategorized Tags: Comments (0) Trackbacks (0) Leave a comment Trackback [...] [...] xtables tee 对于udp无连接状态的没问题 对于tcp就不行了 得用libpcap+raw socket自己些程序了 Categories: Uncategorized Tags: Comments (0) Trackbacks (0) Leave a comment Trackback [...]

]]> By: Mina http://www.bjou.de/blog/2008/05/howto-copyteeclone-network-traffic-using-iptables/comment-page-1/#comment-92205 Mina Tue, 12 May 2009 12:07:48 +0000 http://www.bjou.de/blog/?p=228#comment-92205 how did you get this to work on centos first gavin???? how did you get this to work on centos first gavin????

]]> By: Mina http://www.bjou.de/blog/2008/05/howto-copyteeclone-network-traffic-using-iptables/comment-page-1/#comment-91877 Mina Sun, 10 May 2009 04:01:43 +0000 http://www.bjou.de/blog/?p=228#comment-91877 How do you get this to work with centos5? How do you get this to work with centos5?

]]> By: j.engelh http://www.bjou.de/blog/2008/05/howto-copyteeclone-network-traffic-using-iptables/comment-page-1/#comment-87063 j.engelh Wed, 25 Mar 2009 13:42:38 +0000 http://www.bjou.de/blog/?p=228#comment-87063 >Despite all efforts [...] only works for connectionless udp traffic. A successful 3-way-handshake on HOST A prevents HOST B (despite IP-address rewriting) from accepting the packets in userspace. Correct, because the B kernel's TCP engine does not know anything about A's connections and would drop them. While you could get packet delivery to userspace working, just what would you do if the B userspace tries to send packets back? That would not be good... IMO, the best solution here is to use libnetfilter_queue to get the packets delivered to userspace. >Despite all efforts [...] only works for connectionless udp traffic. A successful 3-way-handshake on HOST A prevents HOST B (despite IP-address rewriting) from accepting the packets in userspace.

Correct, because the B kernel’s TCP engine does not know anything about A’s connections and would drop them. While you could get packet delivery to userspace working, just what would you do if the B userspace tries to send packets back? That would not be good…
IMO, the best solution here is to use libnetfilter_queue to get the packets delivered to userspace.

]]> By: ibrahim http://www.bjou.de/blog/2008/05/howto-copyteeclone-network-traffic-using-iptables/comment-page-1/#comment-85866 ibrahim Thu, 19 Feb 2009 11:08:58 +0000 http://www.bjou.de/blog/?p=228#comment-85866 The cloned packets entering loop and coming again if the host B can not accessible on network. Is there any way change the cloned packet destination IP to host B before the sending. Regards The cloned packets entering loop and coming again if the host B can not accessible on network. Is there any way change the cloned packet destination IP to host B before the sending.

Regards

]]> By: Gavin Carr http://www.bjou.de/blog/2008/05/howto-copyteeclone-network-traffic-using-iptables/comment-page-1/#comment-81448 Gavin Carr Thu, 18 Sep 2008 07:28:20 +0000 http://www.bjou.de/blog/?p=228#comment-81448 Great post Bjou, thanks a lot. I hadn't realised there'd been a replacement released for -j ROUTE --tee, so your post and the pointer to the xtables-addons were much appreciated. I got this working on CentOS-5 after a bit of hacking on xtables-addons to workaround the RedHat-isms in their 2.6.18 kernel. Great post Bjou, thanks a lot. I hadn’t realised there’d been a replacement released for -j ROUTE –tee, so your post and the pointer to the xtables-addons were much appreciated. I got this working on CentOS-5 after a bit of hacking on xtables-addons to workaround the RedHat-isms in their 2.6.18 kernel.

]]>