Hi, I'm trying to send a copy of part of my traffic (on a router) to an IDS host. I use this command: # iptables -t mangle -I POSTROUTING -o enp5s0.11 -j TEE --gateway 10.215.246.15 I'm connected to the IDS host at 10.215.246.15 both via ssh and direct console. This host's NIC is working at 1000Mb/s according to ethtool. If I run tcpdump or iptraf-ng on the IDS's NIC then I see lots of packets (duplicates), so at first it seems to be working fine. However, it soon comes to a crawl and freezes for a while. It then works again, but freezes several times again too. And so on... CPU and RAM are apparently fine according to top. iptraf-ng reports peaks around 75Mb/s right before the screen freezes (when I say "freezes" I mean that the ssh session is totally frozen and can even expire if it lasts too long, but the direct console works fine, except iptraf-ng stops showing packet counters, etc..). So I'm still far away from the 1000Mb/s link speed. How can I further debug this? Is the system/NIC truly overwhelmed with packets? How can I be sure about this? Thanks, Vieri
