Hi, From: "Hans-Cees Speel" <hanscees@myrealbox.com> To: lartc@mailman.ds9a.nl; Tue, 12 Mar 2002 11:19:40 +0100 Reply-To: hanscees@hanscees.com > I have a situation where I would like to use tc or any tool to send > all incoming (and perhaps outgoing) traffic not only to itsd > destination but also past a ids snort box. Insteed of TC your solution could be found by writing Netfilter hack. You will need to write your own target for that say ipt_COPYSEND. > hope you can help me Ya, there is a help from Rusty... a short but nice way on the link http://lists.samba.org/pipermail/netfilter/2000-May/004053.html. Take baseline from ipt_REJECT and ipt_MIRROR target in netfilter part of kernel source. If you running snifer on your firewall machine only then Insteed of writing a new target I'll suggest/prefer you to go for target ipt_QUEUE, write your user handler program which will pass all intended packets to sniffer and return CONTINUE/ACCEPT from your handler. -- Sumit
