[Snort-users] Disappointed: I spent S$109 on a Buffalo DD-WRT router but can't get port mirroring to work

Joel Esler (jesler) jesler at ...589...
Sat Apr 5 10:56:34 EDT 2014


You should try the dd-wrt forums. This isn't about Snort.  

--
Joel Esler
Sent from my iPhone

> On Apr 4, 2014, at 14:13, "Teo En Ming" <teo.en.ming at ...11827...> wrote:
> 
> My Asus RT-N15U wireless router is not supported on OpenWRT. Only the RT-N15 model is supported.
> 
> According to your reply, you have no hope of getting port mirroring to work with my Buffalo WZR-HP-G300NH2 wireless router at all?
> 
> Sob sob sob. I wasted my money.
> 
> -- 
> Yours sincerely,
> 
> Teo En Ming
> 
> 
>> On 05/04/2014 02:02, Bill Parker wrote:
>> You could try OpenWRT, which does support mirroring.  Another method would be to put in a intelligent switch for all hardware on your network which would give you the same thing as a SPAN/mirror port.
>> 
>> I have NOT tried the OpenWRT firmware, so I would exercise caution with changing the DD-WRT firmware to OpenWRT, but if you still have your ASUS router, it might handle the OpenWRT firmware just fine.
>> 
>> http://wiki.wireshark.org/SwitchReference
>> 
>> The above link is for switches which support mirroring/span (with some links to low cost solutions).
>> 
>> It would be nice if Buffalo/Asus and other router providers have a SPAN/mirror port built in, but that's the problem with consumer routers (unfortunately).
>> 
>> Bill
>> 
>> 
>>> On Fri, Apr 4, 2014 at 8:23 AM, Teo En Ming <teo.en.ming at ...11827...> wrote:
>>> Hi,
>>> 
>>> I am extremely disappointed. I spent SGD$109 on the Buffalo WZR-HP-G300NH2 wireless router but can't get port mirroring to work.
>>> 
>>> I have tested the following 2 iptables commands with *all* of the DD-WRT v24-SP2 firmware builds/versions from the year 2011 to the year 2014 but still cannot get port mirroring to work.
>>> 
>>> # iptables -A PREROUTING -t mangle -j ROUTE --gw 192.168.1.40 --tee
>>> 
>>> # iptables -A POSTROUTING -t mangle -j ROUTE --gw 192.168.1.40 --tee
>>> 
>>> I bought my Buffalo DD-WRT router according to the recommendations in http://www.snort.org/docs (Bill/William Parker's How to make some Home Routers mirror traffic to Snort article) but I can't get port mirroring to work. Apparently *all* of the DD-WRT v24-SP2 firmware builds/versions between 2011 and 2014 don't support the route target and tee.
>>> 
>>> What are my options now? I couldn't return the Buffalo DD-WRT router to the distributor in Singapore and ask for a refund. 
>>> 
>>> Are there any other firmware builds/versions which I can try to get port mirroring to work? I have also filed a bug report with http://www.dd-wrt.com. The bug report is here: http://www.dd-wrt.com/dd-wrtv2/bugtracker/view.php?id=4522
>>> 
>>> I have also reported the issue on the DD-WRT forum but nobody is replying to my thread. http://www.dd-wrt.com/phpBB2/viewtopic.php?t=260012
>>> 
>>> I also joined DD-WRT IRC channel on freenode but nobody is replying to my questions.
>>> 
>>> *Sob sob sob sob sob sob*
>>> 
>>> What should I do? Please advise.
>>> -- 
>>> Yours sincerely,
>>> 
>>> Teo En Ming
>>> 
> 
> 
> ------------------------------------------------------------------------------
> _______________________________________________
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users
> 
> Please visit http://blog.snort.org to stay current on all the latest Snort news!
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20140405/34eff47c/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 2322 bytes
Desc: not available
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20140405/34eff47c/attachment.bin>


More information about the Snort-users mailing list