How to configure linux server for receiving mirrored traffic?

Please help to find a good article on setting up linux server is used for receiving, processing and logging of mirrored traffic. Only interested in http traffic, parsing and storage of queries. I want to figure out how to configure iptables to tcp ack'and climbs and application-handler took the packages sent to him. Traffic profile: the queries from one host to another, each request creates its connection.
July 8th 19 at 12:23
1 answer
July 8th 19 at 12:25
1) Set ntop-ng
2)
iptables-P INPUT DROP
iptables -A INPUT-i ingress-mirror-interface-p tcp --dport 80-p ACCEPT
iptables -A INPUT-d ip server -p ACCEPT
iptables -A INPUT-i lo-d 127.0.0.0/8-p ACCEPT

repeat for iptables6 if necessary
2) ?????
3) PROFIT
Why is ntop-ng?
Do I need to translate "ingress-mirror-interface" promisc mode?
ip packets are not assigned to me, unless they get the INPUT? - Alvina_Crona commented on July 8th 19 at 12:28

Find more questions by tags LinuxComputer networks