Capture and monitor mirrored traffic on Linux

In the Linux01-VM, enter the tcpdump command at the command prompt.

tcpdump -nn icmp

This command line is used to monitor ICMP network traffic.

Monitor the command output for a few seconds and verify that ICMP traffic is not being captured.

The tcpdump output does not have any information to display until ICMP traffic is detected on the network.

At the Linux02-VM command prompt, enter the ping command.

ping 172.20.10.10

This command pings the default router IP address.

If the ping command does not work, enter the following command to restart network services and then ping again.

service network restart

After the ping command begins to work, click the Linux01-VM console tab.

In the Linux01 console window, verify that the running tcpdump command output remains silent and did not capture any ICMP traffic.

This means that port mirroring is not enabled on the VDS.

You configure port mirroring so that the port connected to the Linux02 VM is the mirror source and the port connected to the Linux01 VM is the mirror destination.

All the traffic present on the Linux02 port is forwarded to the Linux01 port for examination.

With port mirroring configured, you view the tcpdump command output and verify that any ICMP traffic appearing on the Linux02-VM port is duplicated on the Linux01-VM port.

Return to the Linux02 console tab.

Verify that the ping command is still reaching the default router IP address.

Go to the Linux01 console tab.

In the Linux01 console, examine the tcpdump output in the terminal window.

The output looks similar to the following screenshot.

The local address begins with 172.20.11.

In the Linux01-VM console window, press Ctrl+C to stop the tcpdump command.

If pressing Ctrl+C does not work, click anywhere inside the tab screen and repeat.

Click the Linux02 console tab.

In the Linux02 console window, press Ctrl+C to stop the ping command.

At the Linux02 command prompt, use ifconfig to examine the IP configuration.

ifconfig

Use the command output to verify that the Linux02 IP address matches the address that you recorded in the output of tcpdump.
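The same check, scripted from the Linux01 side so it can be repeated after each VDS change, as an added example that is not part of the original post. The interface name, the Linux02 address and the sample tcpdump lines are assumptions.

```shell
#!/bin/sh
# Added example (not from the original post): verify from the mirror
# destination (Linux01) that ICMP from the mirror source (Linux02) arrives.
# Interface name, Linux02 address and sample lines are assumptions.

# count_echo_requests SRC: number of ICMP echo requests sent by SRC in
# "tcpdump -nn icmp" output read from stdin.
count_echo_requests() {
    # grep -c prints 0 but exits 1 when nothing matches; ignore that status.
    grep -c "IP $1 > [0-9.]*: ICMP echo request" || true
}

# check_mirror SRC ROUTER: succeed only if echo requests from SRC to ROUTER
# were captured, i.e. the mirror session is delivering Linux02's traffic.
check_mirror() {
    n=$(grep -c "IP $1 > $2: ICMP echo request" || true)
    if [ "$n" -gt 0 ]; then
        echo "mirror OK: $n echo request(s) from $1 to $2 captured"
        return 0
    fi
    echo "mirror NOT working: no ICMP from $1 captured" >&2
    return 1
}

# live_check IFACE SRC ROUTER: capture on the mirror destination for 15 s.
# -l line-buffers tcpdump so its output reaches the pipe before timeout ends it.
live_check() {
    timeout 15 tcpdump -nn -l -i "$1" icmp 2>/dev/null | check_mirror "$2" "$3"
}

# Constructed sample of what tcpdump prints once mirroring works.
SAMPLE='12:00:01.000100 IP 172.20.11.20 > 172.20.10.10: ICMP echo request, id 1, seq 1, length 64
12:00:01.000300 IP 172.20.10.10 > 172.20.11.20: ICMP echo reply, id 1, seq 1, length 64
12:00:02.000100 IP 172.20.11.20 > 172.20.10.10: ICMP echo request, id 1, seq 2, length 64
12:00:02.000300 IP 172.20.10.10 > 172.20.11.20: ICMP echo reply, id 1, seq 2, length 64'

# Offline run against the sample; on the lab VM use: live_check eth0 172.20.11.20 172.20.10.10
printf '%s\n' "$SAMPLE" | check_mirror 172.20.11.20 172.20.10.10
```

The -nn flag keeps addresses numeric, so the grep patterns match the same text you read off the console in the steps above.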

About the author

Mosab Shaker

I stand at the forefront of the fastest moving technology trends like Digital Transformation, computer virtualization, networking and security. I spent the past ten years evangelizing an industry-wide shift to colocation in the MENA by promoting virtualization and cloud services to many customers. With a unique mix of knowledge about different industries, businesses, and technologies
