Switch Configuration (Port Mirror WAN?)

Hi,

I’m using an Omnia connected to a network via the WAN interface, with access to clients via br-lan and wifi. I’d like to port mirror the WAN interface to one of the available ethernet ports but am not sure how to set up the switch / port mirroring.

Can anyone help me out or point me in the direction of a useful example?

Cheers!!
-=ChaZ=-

Port mirroring in OpenWRT/LEDE is accomplished through the iptables-mod-tee package which is not included in the Omnia distribution.

Someone’s sort of got it working with daemonlogger (covered here http://blog.ry2l.cz/2017/01/suricata-and-turris-omnia/), but that seems overly cumbersome to me and I don’t think it is a complete solution.

Try the port-mirroring package (not installed by default).
Anyway, I’m not sure about the reliability of either port-mirroring or daemonlogger. I used it just for ntopng monitoring.

The port-mirroring package uses iptables TEE (as mentioned above, not included in Omnia) or TZSP which I’ve been unable to determine if it’s included or not.

In any case TZSP seems to be primarily used for wireless packets and I’m not sure how it works with regular network traffic.

I’ll play with it as I can.

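For the TZSP option mentioned above, a monitoring host has to strip the TZSP header before it can inspect the mirrored frame. The decapsulator below is an added example, not part of the thread or of the port-mirroring package; it assumes TZSP version 1 carried over UDP, and the sample datagram is constructed.

```python
import struct

TZSP_PORT = 37008  # UDP port conventionally used by TZSP senders
ENCAP = {0x01: "ethernet", 0x12: "ieee802.11", 0x77: "prism", 0x7F: "wlan-avs"}
TAG_PADDING, TAG_END = 0x00, 0x01  # the only two tags without a length byte


def decapsulate(datagram: bytes):
    """Return (encap_name, tags, inner_frame) for one TZSP UDP payload."""
    if len(datagram) < 4:
        raise ValueError("short TZSP header")
    version, ptype, encap = struct.unpack("!BBH", datagram[:4])
    if version != 1:
        raise ValueError(f"unsupported TZSP version {version}")
    if ptype not in (0, 1):  # 0 = received packet, 1 = packet for transmit
        raise ValueError("TZSP type carries no packet")
    tags, pos = {}, 4
    while True:
        if pos >= len(datagram):
            raise ValueError("tag list not terminated")
        tag = datagram[pos]
        pos += 1
        if tag == TAG_END:
            break
        if tag == TAG_PADDING:
            continue
        if pos >= len(datagram):
            raise ValueError("truncated tag length")
        length = datagram[pos]
        pos += 1
        if pos + length > len(datagram):
            raise ValueError("tag overruns datagram")
        tags[tag] = datagram[pos:pos + length]
        pos += length
    return ENCAP.get(encap, hex(encap)), tags, datagram[pos:]


def ethernet_summary(frame: bytes):
    """Destination MAC, source MAC and EtherType of the mirrored frame."""
    if len(frame) < 14:
        raise ValueError("short Ethernet frame")
    dst, src, ethertype = struct.unpack("!6s6sH", frame[:14])
    return dst.hex(":"), src.hex(":"), ethertype


# Constructed sample: TZSP v1, type 0, encapsulated protocol 1 (Ethernet),
# one padding tag, tag 0x29 (RX frame length = 14), end tag, then an ARP frame header.
SAMPLE = (bytes.fromhex("01000001" "00" "2902000e" "01")
          + bytes.fromhex("ffffffffffff" "020000000001" "0806"))
```

Malformed or truncated datagrams raise `ValueError` rather than returning a partial frame, so a capture loop can count and drop them.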

@jklaas - thank you, I’ve seen the iptables-mod-tee approach but wasn’t sure if it worked with the Omnia. I’m ideally trying to replicate old hub functionality by using port mirroring but I’m not sure if it’s the right approach.

The whole daemonlogger thing seems a bit OTT as you said, I haven’t had much time to play yet either but I will try the port-mirroring package @blbeczech82 suggested and see how that goes. That seems related to TZSP as you also mentioned, so I’m not sure if it will suit my goals.

I’ve had no luck so far but will update here if I ever get it going!

Cheers!
-=ChaZ=-

Hi! Did you manage to configure the port mirroring? Did you use daemonlogger or the port-mirroring package? How did you set things up so it all works? Thanks.

Hi @Jorge,

I ran out of time to try it on the Omnia and got what I needed using another device in the end. I’m afraid I’ve no idea if it’s possible now - maybe someone else has tried more recently?

Cheers!