
Creating mirror port in kernel

Discussion in 'Linux Networking' started by kapalua, Dec 31, 2013.

  1. kapalua

    kapalua New Member

    Dec 31, 2013
    In my hunt for a way of reading network data (when using a Linux box as a router), I got the idea that it could be possible to create something similar to a mirror port (which exists on some switches) directly in the kernel of Linux.

    The idea is to tap into the kernel at the point where the packages are received and make a copy to a file/stream.

    Anyone who knows if this is done or is possible?

    Seems like Netfilter is the way to go forward with this.
    Last edited: Dec 31, 2013
  2. grim76

    grim76 Active Member Staff Writer

    Nov 21, 2011
    Are you looking to capture the network traffic that is coming in on the interface?

    If so, then look at tcpdump; it will write the network stream to a file so you can look at it in Wireshark and other applications.
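
An added example, not part of the thread or of tcpdump itself: a minimal Python reader for the classic pcap file that `tcpdump -w` writes, listing the IPv4 source, destination and protocol of each captured frame. The sample capture is constructed inline with documentation addresses, and the function names are hypothetical.

```python
import socket
import struct

MAGIC = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}  # byte order of the writer

def read_pcap(data):
    """Yield (timestamp, frame_bytes) for each record of a classic pcap file."""
    endian = MAGIC.get(data[:4])
    if endian is None or len(data) < 24:
        raise ValueError("not a classic (microsecond) pcap file")
    if struct.unpack(endian + "I", data[20:24])[0] != 1:
        raise ValueError("only Ethernet captures (link type 1) are handled")
    off = 24  # records start right after the 24-byte global header
    while off + 16 <= len(data):
        sec, usec, caplen, _wire_len = struct.unpack(endian + "4I", data[off:off + 16])
        off += 16
        if off + caplen > len(data):
            break  # last record cut short, e.g. the capture is still being written
        yield sec + usec / 1e6, data[off:off + caplen]
        off += caplen

def summarize(frame):
    """Return (src_ip, dst_ip, ip_protocol) for an IPv4 frame, else None."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00" or frame[14] >> 4 != 4:
        return None
    ip = frame[14:34]  # fixed 20-byte part of the IPv4 header
    return socket.inet_ntoa(ip[12:16]), socket.inet_ntoa(ip[16:20]), ip[9]

def flows(data):
    """List the IPv4 (src, dst, protocol) tuples seen in the capture."""
    return [s for _ts, f in read_pcap(data) if (s := summarize(f))]

# Constructed sample capture: one UDP/IPv4 frame and one ARP frame (not real traffic).
_ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 28, 0, 0, 64, 17, 0,
                  socket.inet_aton("192.0.2.10"), socket.inet_aton("198.51.100.7"))
_udp = struct.pack("!HHHH", 5353, 53, 8, 0)
_frames = [bytes(12) + b"\x08\x00" + _ip + _udp, bytes(12) + b"\x08\x06" + bytes(28)]
SAMPLE = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
for _n, _f in enumerate(_frames):
    SAMPLE += struct.pack("<4I", 1388448000 + _n, 500000, len(_f), len(_f)) + _f

if __name__ == "__main__":
    for ts, frame in read_pcap(SAMPLE):
        print(ts, len(frame), summarize(frame))
```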
