How can I emulate a switch port mirroring

imagol · July 4, 2023, 9:51am

Hello,
I want to test an IDS(intrusion detection system), and I am trying to build a docker-compose so I can test things before I have the phisical devices.
So in order for the IDS to “listen” to all the traffic, I would just configure in the switch a port mirror from the router port to the IDS port.

However, I am having many problems with this. I tried configuring iptables in the IDS machine,

iptables -t nat -A POSTROUTING -o eth1 -j MASQUERADE
iptables -A FORWARD -i eth1 -o eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A FORWARD -i eth0 -o eth1 -j ACCEPT

and setting the default gateway of the network of the lan network to the IDS machine IP. But the LAN network didnt have access to the internet.

Which is the best way to configure docker-compose, so I can emulate that network?

Topic		Replies	Views
Small Computer Network Emulation General	0	839	March 5, 2019
Docker capture packets General	7	9514	August 11, 2016
Using A Second NIC Exclusively For Docker Services General docker-compose	5	11148	July 30, 2022
HELP! Docker seems to listen on all IPs coming into the interface despite configuration [edit] General docker	6	11607	May 19, 2018
Simulating on and offline networks with Docker Compose Compose	2	2167	April 23, 2018

How can I emulate a switch port mirroring

Related topics