Hi, this post explains traffic mirroring on a TP-Link TL-WR841N router.
- The router is flashed with OpenWrt Chaos Calmer 15.05.1. I explain that process, which is a re-flashing, in my previous post (post no. 4 Security –> Ethical hacking). For a WR841N v11 router with low memory space, this would be a good choice. I had out-of-memory issues after installing the barrier_breaker v11 and LEDE 17.01.2.
For traffic mirroring, we need to add some iptables rules to the router. Therefore, first install the following.

    ssh firstname.lastname@example.org
    opkg update
    opkg install iptables-mod-tee
    modprobe xt_TEE

Next, add iptables rules as follows. I will use a PC for monitoring, while a mobile app connected to the same network accesses a Facebook account. So, once the rules are added, I can sniff the traffic between the mobile and Facebook using Wireshark on the sniffing machine.

    iptables -A PREROUTING -t mangle -i br-lan ! -d <MOBILE_DEVICE_IP_ADDRESS> -j TEE --gateway <PC_IP_ADDRESS>
    iptables -A POSTROUTING -t mangle -o br-lan ! -s <MOBILE_DEVICE_IP_ADDRESS> -j TEE --gateway <PC_IP_ADDRESS>

The captured traffic can be analyzed using Wireshark.
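Because `iptables -A` appends a new copy of a rule every time it is run, the helper below wraps the two rules above so they can be added once and removed completely when the capture is finished. It is an added example, not part of the original post; the function names, the `IPT` override and the addresses in the usage comment are assumptions.

```shell
#!/bin/sh
# Added example: idempotent add/remove of the post's two TEE mirror rules.
# Function names, the IPT override and the usage addresses are assumptions.
# Requires iptables-mod-tee installed and xt_TEE loaded, as in the post.

IPT=${IPT:-iptables}    # override only to dry-run against a stub

# Accept only dotted-quad IPv4 so a typo never reaches iptables.
valid_ipv4() {
    echo "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' || return 1
    for octet in $(echo "$1" | tr . ' '); do
        [ "$octet" -le 255 ] || return 1
    done
}

# The two rule specs as given in the post, minus the leading -A.
# $1 = mobile device address, $2 = monitoring PC address.
mirror_rules() {
    echo "PREROUTING -t mangle -i br-lan ! -d $1 -j TEE --gateway $2"
    echo "POSTROUTING -t mangle -o br-lan ! -s $1 -j TEE --gateway $2"
}

# mirror add|del <MOBILE_DEVICE_IP_ADDRESS> <PC_IP_ADDRESS>
mirror() {
    action=$1 mobile=$2 pc=$3
    valid_ipv4 "$mobile" && valid_ipv4 "$pc" && [ "$mobile" != "$pc" ] || return 2
    case $action in add|del) ;; *) return 2 ;; esac
    mirror_rules "$mobile" "$pc" | while read -r spec; do
        if [ "$action" = add ]; then
            # -C tests for an existing rule, so re-running never stacks copies.
            $IPT -C $spec 2>/dev/null || $IPT -A $spec
        else
            # Delete every copy, including ones left by repeated -A runs.
            while $IPT -C $spec 2>/dev/null; do $IPT -D $spec || break; done
        fi
    done
}

# Usage on the router (constructed addresses):
#   . ./mirror.sh && mirror add 192.168.1.50 192.168.1.100
#   . ./mirror.sh && mirror del 192.168.1.50 192.168.1.100
```

Running `mirror del` after the capture and then checking `iptables -t mangle -S` confirms that no TEE rule is left duplicating LAN traffic to the PC.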
Cheers !!! 🙂