[Manual] How to Make Asus RT-N15U Wireless Router (Tomato by Shibby Firmware) Mirror Traffic to Snort

Discussion in 'Tomato Firmware' started by Teo En Ming, Apr 7, 2014.

  1. Teo En Ming

    Teo En Ming Network Newbie Member

    Dear Snort Team @ Sourcefire,

    As some of the information on the http://www.snort.org/docs page
    pertaining to how to make home routers mirror traffic to Snort is outdated,
    could you publish this manual on the http://www.snort.org/docs page as
    well?

    Please note that the latest dd-wrt v24-SP2 and OpenWRT 12.09 firmwares NO
    LONGER support mirroring traffic to Snort as they are based on the Linux
    kernel 3.x. The kernel module ipt_ROUTE.ko is *incompatible* with Linux
    kernel 3.x. The ipt_ROUTE source code is only compatible with the Linux
    kernel 2.6.x.

    Please use Tomato by Shibby firmwares if you seriously want to mirror
    traffic to Snort. Please visit his website at http://tomato.groov.pl/ Why
    do you want to use Tomato by Shibby firmwares if you want to contemplate
    mirroring traffic to Snort? Because Tomato by Shibby firmwares are based on
    the Linux kernel 2.6.x. The latest is not always the greatest.

    After failing to mirror traffic to Snort with the latest dd-wrt and
    OpenWRT firmwares on my Buffalo WZR-HP-G300NH2 router, I have FINALLY
    successfully mirrored traffic to Snort using Tomato by Shibby firmware on
    my Asus RT-N15U router.

    I have wasted a few days and SGD$109 on the Buffalo WZR-HP-G300NH2
    wireless router in attempting to mirror traffic to Snort. I have wasted a
    lot of time on the dd-wrt and OpenWRT firmwares. Please DO NOT use the
    *latest* dd-wrt and OpenWRT firmwares if you seriously want to use home
    routers to mirror traffic to Snort.

    I hope I have saved potential Snort users' (who want to use home routers
    to mirror traffic to Snort) time and money by providing valuable advice
    here.

    Please refer to the attached PDF file in this email for the manual which I
    have just written.

    Lastly, and the most important of all, please help me generate some alerts
    for my Snort IDS virtual machine. My Snort IDS is installed in a virtual
    machine running on Oracle VM VirtualBox. My websites are
    http://www.teo-en-ming.com and http://www.zhang-enming.com

    I want to see some alerts appearing on my Snort box, just to make sure my
    Snort NIDS is fully operational.

    Yours sincerely,

    Teo En Ming

    Manual download link: https://www.mediafire.com/?g4vjxlvek5i8ezv