Greetings
I have a RB/433 and I’d like to do mirror/clone a copy of data coming to/from the wwireless clients to the internet.
I’ve had some success on linux platforms doing the following:
iptables -A PREROUTING -t mangle -j ROUTE --gw 192.168.100.100 --tee
iptables -A POSTROUTING -t mangle -j ROUTE --gw 192.168.100.100 --tee
Where 192.168.100.100 is a setup as a interface.
Any suggestions on how to do this with routeros?
Thanks
Hi,
I’d suggest using the sniffer function in routeros. However, this requires you to run a tool called ‘trafr’ (http://www.mikrotik.com/download/trafr.tgz) on the receiving box.
eg:
$ ./trafr -s | tcpdump -r - -n
Then, setup sniffing on your RB433:
[admin@MikroTik] > /tool sniffer
[admin@MikroTik] /tool sniffer> print
interface: all
only-headers: no
memory-limit: 10
memory-scroll: no
file-name: ""
file-limit: 10
streaming-enabled: no
streaming-server: 0.0.0.0
filter-stream: yes
filter-protocol: ip-only
filter-address1: 0.0.0.0/0:0-65535
filter-address2: 0.0.0.0/0:0-65535
running: no
[admin@MikroTik] /tool sniffer> set interface=wlan1 streaming-server=192.168.100.100 streaming-enabled=yes
[admin@MikroTik] /tool sniffer> start
..and you should see the expected tcpdump output.
There’s also a port mirror feature in the switch chip, but since the wlan interface is not a part of the switch, that won’t work in this case (well, unless you mirror your uplink). http://wiki.mikrotik.com/wiki/Manual:Switch_Chip_Features
Hope it helps.
–
Morten
Hi Morten,
Thanks for the references. I’ve did look into using the built in packet streaming but I’d rather not have to modify my existing setup if it isn’t required. I’ll give it a closer look as it may be doing what I need.
Regarding mirroring the up-link. I’ve considered that however I’m not sure if I can get all of the information I’d like for monitoring wireless clients. I know all of the wireless mac addresses and I’d like access to that info, i’m pretty sure that info will be lost after the NAT does its magic.
jj