Created
May 23, 2024 19:13
-
-
Save darknetehf/8973cc6c87f215bea768bf7cee4cabdd to your computer and use it in GitHub Desktop.
Mirroring traffic on network interfaces in Linux
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # create dummy interface for testing | |
| # using iproute2 | |
| ip link add dummy0 type dummy | |
| ip link set dummy0 up | |
| # using Network Manager | |
| nmcli connection add type dummy ifname dummy0 ipv4.method disabled ipv6.method disabled | |
| # tc rules below | |
| source_if=eth0 | |
| dest_if=dummy0 | |
| # mirror ingress traffic | |
| tc qdisc add dev $source_if ingress;: | |
| tc filter add dev $source_if parent ffff: \ | |
| protocol all \ | |
| u32 match u8 0 0 \ | |
| action mirred egress mirror dev $dest_if;: | |
| # mirror egress traffic | |
| tc qdisc add dev $source_if handle 1: root prio;: | |
| tc filter add dev $source_if parent 1: \ | |
| protocol all \ | |
| u32 match u8 0 0 \ | |
| action mirred egress mirror dev $dest_if;: |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment