
How to Port Mirror with asus-merlin firmware

By: For: ComputerMentor Published: 25 June, 2016 Modified: 9 August, 2016

This is something I bet you will like. I had a lot of hits on this when I tested out Blogger a while back. It shows how you can successfully port mirror with only an Asus RT-AC66U wireless router to sniff ALL packets. No extra router needed, all firmware! If you would rather watch a video, there is a 1080p YouTube video at the bottom of this page.

Dependencies

  • Asus WiFi router
  • Asus-merlin firmware
  • SSH capabilities

Proficiency Level

Beginner

Time Required

10 Minutes

What is port mirroring, and what are its uses?

Port mirroring basically means copying everything that passes through a specific port (where you plug in your network cable) to another port. In this guide it is more like "IP mirroring", as I will mirror everything to a specific IP. For personal use it is usually used for an IDS, or by parents spying on their kids. It is probably used a lot by script kiddies as well. In business it is often used for RUM (real user monitoring) and APM (application performance monitoring). This is how they monitor and see everything you do if you have an office job.

Preparing the router

I think you will need a custom firmware. You can try your current one if it lets you enable SSH and has iptables. I use asus-merlin, version 380.59, and will base this guide on that.

You can't edit iptables from the browser interface, so you will need to enable SSH on the router. First, log into 192.168.1.1 in your browser. Your IP may differ. Then navigate to Administration -> System. Go down to SSH Daemon and enable it according to your needs. For me it is LAN only. Stick to that unless you want to access your router from outside your own network. Unless you are on Windows and don't have an SSH program like PuTTY, you are good to go.

How to enable SSH on Asus RT-66U using asus-merlin custom firmware

Logging into the router and editing IP tables

Log on to your router via SSH and write the following commands:

Terminal - ComputerMentor@GuidePC

iptables -I PREROUTING -t mangle -j ROUTE --gw (IP-of-your-IDS) --tee

iptables -I POSTROUTING -t mangle -j ROUTE --gw (IP-of-your-IDS) --tee

And that's it. What now? Do you have the tools to actually read the packets? A great one, IF you are good with this sort of thing, is Wireshark. It works on Windows, Linux and Mac. You can also download a distro completely dedicated to reading, analyzing and pentesting networks: Kali Linux. If you want to go the more IDS approach, you can get Security Onion.

If you ever want to reverse the settings you can just reboot. I have never done a long-term test with this, but I imagine it puts quite a workload on your router. Use with caution. If you don't want to reboot, you can type in this command, which flushes every rule in the mangle table, not only the two added above:

Terminal - ComputerMentor@GuidePC

iptables -F -t mangle
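
An added example, not part of the original guide: a small POSIX shell wrapper that validates the IDS address, applies the guide's two rules without stacking duplicates, and removes only those two rules rather than flushing the whole mangle table. The `IPT` override, the function names and the script name are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the original guide: manage only the two mirror
# rules so other mangle-table rules on the router are left alone.
# Assumption: this firmware's iptables has the ROUTE target (--gw/--tee),
# which the guide's commands already require.

# Hypothetical override: IPT="echo iptables" prints commands (dry run).
IPT="${IPT:-iptables}"

# Succeed only for a dotted-quad IPv4 address with each octet in 0-255.
valid_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1            # split on dots into $1..$4
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ ${#octet} -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# $1 = -I (insert) or -D (delete), $2 = chain, $3 = IDS address
mirror_rule() {
    $IPT "$1" "$2" -t mangle -j ROUTE --gw "$3" --tee
}

# Delete one copy of each mirror rule; a missing rule is not an error.
mirror_off() {
    valid_ipv4 "$1" || { echo "invalid IDS address: $1" >&2; return 2; }
    for chain in PREROUTING POSTROUTING; do
        mirror_rule -D "$chain" "$1" 2>/dev/null || true
    done
}

# Drop an existing copy first so repeated runs of this script do not
# stack duplicate rules (each duplicate would mirror every packet again).
mirror_on() {
    mirror_off "$1" || return
    for chain in PREROUTING POSTROUTING; do
        mirror_rule -I "$chain" "$1" || return
    done
}

# Usage: mirror.sh on|off <IDS-IP>   (script name is an assumption)
case "${1:-}" in
    on)  mirror_on "${2:-}" ;;
    off) mirror_off "${2:-}" ;;
esac
```

Run it on the router over SSH with your own IDS address; setting `IPT="echo iptables"` first prints the commands without changing any rules.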

If your WiFi router is incompatible/old or you just want a new router that is guaranteed to work with port mirroring, you can always buy the one I use in this guide: the RT-AC66U.

Please state in the comment section if you made it, and with what firmware and model you made it with, and I will add it to this page for other people to read. If you want, add your name and I will add it here for credits, with a link to your blog/YouTube or anything else linkable if you wish.

YouTube video below if you want a more visual tutorial

Hope you learned something!
If you find any typos, have questions or just want to say hi, please do so in the comment section below :) Don't forget to like and share.