[Snort-users] Disappointed: I spent S$109 on a Buffalo DD-WRT router but can't get port mirroring to work

Teo En Ming teo.en.ming at ...11827...
Fri Apr 4 11:40:07 EDT 2014


My Asus RT-N15U wireless router is not supported on OpenWRT. Only the 
RT-N15 model is supported.

According to your reply, you have no hope of getting port mirroring to 
work with my Buffalo WZR-HP-G300NH2 wireless router at all?

Sob sob sob. I wasted my money.

-- 
Yours sincerely,

Teo En Ming



On 05/04/2014 02:02, Bill Parker wrote:
> You could try OpenWRT, which does support mirroring. Another method 
> would be to put in a intelligent switch for all hardware on your 
> network which would give you the same thing as a SPAN/mirror port.
>
> I have NOT tried the OpenWRT firmware, so I would exercise caution 
> with changing the DD-WRT firmware to OpenWRT, but if you still have 
> your ASUS router, it might handle the OpenWRT firmware just fine.
>
> http://wiki.wireshark.org/SwitchReference
>
> The above link is for switches which support mirroring/span (with some 
> links to low cost solutions).
>
> It would be nice if Buffalo/Asus and other router providers have a 
> SPAN/mirror port built in, but that's the problem with consumer 
> routers (unfortunately).
>
> Bill
>
>
> On Fri, Apr 4, 2014 at 8:23 AM, Teo En Ming <teo.en.ming at ...11827... 
> <mailto:teo.en.ming at ...11827...>> wrote:
>
>     Hi,
>
>     I am extremely disappointed. I spent SGD$109 on the Buffalo
>     WZR-HP-G300NH2 wireless router but can't get port mirroring to work.
>
>     I have tested the following 2 iptables commands with *all* of the
>     DD-WRT v24-SP2 firmware builds/versions from the year 2011 to the
>     year 2014 but still cannot get port mirroring to work.
>
>     # iptables -A PREROUTING -t mangle -j ROUTE --gw 192.168.1.40 --tee
>
>     # iptables -A POSTROUTING -t mangle -j ROUTE --gw 192.168.1.40 --tee
>
>     I bought my Buffalo DD-WRT router according to the recommendations
>     in http://www.snort.org/docs (Bill/William Parker's How to make
>     some Home Routers mirror traffic to Snort
>     <http://s3.amazonaws.com/snort-org/www/assets/217/Mirror_Traffic_With_Home_Router.pdf>
>     article) but I can't get port mirroring to work. Apparently *all*
>     of the DD-WRT v24-SP2 firmware builds/versions between 2011 and
>     2014 don't support the route target and tee.
>
>     What are my options now? I couldn't return the Buffalo DD-WRT
>     router to the distributor in Singapore and ask for a refund.
>
>     Are there any other firmware builds/versions which I can try to
>     get port mirroring to work? I have also filed a bug report with
>     http://www.dd-wrt.com. The bug report is here:
>     http://www.dd-wrt.com/dd-wrtv2/bugtracker/view.php?id=4522
>
>     I have also reported the issue on the DD-WRT forum but nobody is
>     replying to my thread.
>     http://www.dd-wrt.com/phpBB2/viewtopic.php?t=260012
>
>     I also joined DD-WRT IRC channel on freenode but nobody is
>     replying to my questions.
>
>     *Sob sob sob sob sob sob*
>
>     What should I do? Please advise.
>
>     -- 
>     Yours sincerely,
>
>     Teo En Ming
>
>


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20140404/c4ced6cb/attachment.html>


More information about the Snort-users mailing list