Copy all bridge traffic to a specific interface

networking security network-monitoring network-bridge
8,181

Solution 1

I think that daemonlogger Install daemonlogger will do want you want.

It is capable of operating in two modes: sniffing packets and logging them directly to disk (files are automatically rolled over after 1GB of data), or in a "soft-tap" mode where it mirrors packets on another interface.

It is is the repository, so sudo apt-get install daemonlogger will get you started.

Syntax would be similar to 

sudo daemonlogger -i <input_interface> -o <mirror_interface>

where the arguments are explained as 

   -i <interface>
   Set interface to grab data from to <interface>.

   -o <interface>
   Disable logging, instead mirror  traffic  from  -i  <interface>  to  -o
   <interface>.

The biggest caveat is that you need to make sure that the destination port is capable of receiving the retransmitted traffic.

If you need more specific configuration guidance, you'd need to give more details on your bridge and interface setup.

Solution 2

I do not believe this is possible with a Linux-based software bridge (at least, not in its current version). If it were, it should be an option in the brctl utility.

Yes, many physical Ethernet switches have some kind of a mirroring/monitoring capability, which would allow you to designate an interface within the bridge to send all traffic to. It sounds like this would be a good enhancement for situations like yours.

Edit: you may be able to use a traffic control rule to accomplish this.

Share:
8,181

Related videos on Youtube

Dan Hibbert
Author by

Dan Hibbert

Updated on September 17, 2022

Comments

  • Dan Hibbert
    Dan Hibbert over 1 year

    I have a bridge/switch set up an a machine that has multiple ports. Occasionally, I have a vm running through virtualbox, and I'll have it use a virtual adapter and then I add the adapter to the bridge. I have heard that some switches can copy all the traffic they see to a specific port on the bridge, usually for network monitoring. I would like to be able to run some windows based network tools. I do not want to run Windows on the actual hardware, because it would be lots of work to duplicate my setup in windows, so I was thinking if I can copy all traffic to a port, I can send it to a VM with windows. How can I set this up? I think this might be ebtables area, but I don't know ebtables well enough to know for sure, and it always seems like (from my understanding of ebtables) ebtables does something with the traffic (drop, accept, etc), but never copies it.

    • Admin
      Admin about 13 years
      I'm not clear on what your switch is. Is this an external switch, or a bridge internal to your VM box? What's the vendor? This kind of traffic mirroring is what Cisco would call SPAN, though other vendors have other names for it.
    • Admin
      Admin about 13 years
      The bridge I mentioned is a software one, running directly (not in a VM) on the hardware of a desktop. So I guess I would say the vendor is Linux in a way. It doesn't have anything to do with a VM (unless I plug a VM into it).
    • Admin
      Admin about 13 years
      btw, if you use @username format it will inform them that they have a response when they log in. There's a post in meta with more info.
  • Dan Hibbert
    Dan Hibbert about 13 years
    I have to agree that this would seems like brctl's territory. I asked on the netfilter mailing list and they mentioned the same page you linked to about tc. Unfortunately, that page went way over my head. (I only started messing with tc about 2 days ago).
  • Dan Hibbert
    Dan Hibbert about 13 years
    Thanks! This seems to simple in comparison to doing it with tc (which I can't seem to find much information on).

Recents

Why Is PNG file with Drop Shadow in Flutter Web App Grainy?
How to troubleshoot crashes detected by Google Play Store for Flutter app
Cupertino DateTime picker interfering with scroll behaviour
Why does awk -F work for most letters, but not for the letter "t"?
Flutter change focus color and icon color but not works
How to print and connect to printer using flutter desktop via usb?
Critical issues have been reported with the following SDK versions: com.google.android.gms:play-services-safetynet:17.0.0
Flutter Dart - get localized country name from country code
navigatorState is null when using pushNamed Navigation onGenerateRoutes of GetMaterialPage
Android Sdk manager not found- Flutter doctor error
Flutter Laravel Push Notification without using any third party like(firebase,onesignal..etc)
How to change the color of ElevatedButton when entering text in TextField

Related

Error in configuring network security xml in android
How much is in-secure to use rsync in daemon mode without ssh
network communication encryption in java
Bonding + Bridge : traffic passing through the wrong interface
how to enable iptables tarpit?
LXD container set static ip
Ubuntu 17.10 - OpenVPN TAP - Help
How to connect to two VPNs at the same time?
How to get docker0 bridge back?
How to setup a bridge with network-manager?