Traffic mirroring in Linux

When analyzing traffic, it comes in handy to forward a copy of the traffic to a specific IP where a machine is listening and running Wireshark or similar tools. It's very useful for routers that can't run network analysis tools themselves (such as those running DD-WRT).

Just run the following commands replacing the field with the IP of your listening machine:

# iptables -t mangle -A POSTROUTING -d -j ROUTE --tee --gw
# iptables -t mangle -A PREROUTING -s -j ROUTE --tee --gw
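
A rule like these is also a silent tap on everything it matches, so it is worth checking which mirror rules are loaded once the capture is done. The following is an added example, not part of the original post: it scans `iptables-save` output for packet-duplicating rules, covering both the ROUTE target used above and the mainline TEE target with its `--gateway` option. The function names, sample rules and addresses are constructed for illustration.

```shell
#!/bin/sh
# find_mirror_rules: read `iptables-save` output on stdin and print one line
# per rule that duplicates packets to another host, as:
#   table chain target gateway
# Live use (as root): iptables-save | find_mirror_rules
find_mirror_rules() {
    awk '
        /^\*/ { table = substr($0, 2); next }    # "*mangle" opens a table
        $1 == "-A" {
            chain = $2; target = ""; gw = ""; tee = 0
            for (i = 3; i <= NF; i++) {
                if ($i == "-j") target = $(i + 1)
                if ($i == "--tee") tee = 1
                if ($i == "--gw" || $i == "--gateway") gw = $(i + 1)
            }
            # ROUTE without --tee only reroutes the packet; it is not a mirror.
            if (target == "TEE" || (target == "ROUTE" && tee))
                print table, chain, target, gw
        }
    '
}

# Constructed ruleset for demonstration (documentation addresses).
sample_ruleset() {
    cat <<'EOF'
# constructed sample, not captured from a real device
*mangle
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A PREROUTING -s 192.0.2.10/32 -j ROUTE --gw 192.0.2.50 --tee
-A POSTROUTING -d 192.0.2.10/32 -j ROUTE --gw 192.0.2.50 --tee
-A PREROUTING -i eth1 -j TEE --gateway 192.0.2.51
-A FORWARD -j ROUTE --gw 192.0.2.1
COMMIT
*filter
:INPUT ACCEPT [0:0]
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
COMMIT
EOF
}

sample_ruleset | find_mirror_rules
```

Any gateway in the output that is not your own capture machine deserves a closer look; remove a rule by repeating its original command with `-D` in place of `-A`.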