Dieser Inhalt ist in der von Ihnen ausgewählten Sprache nicht verfügbar.
Chapter 48. Mirroring a network interface by using nmcli
Network administrators can use port mirroring to replicate inbound and outbound network traffic being communicated from one network device to another. Mirroring traffic of an interface can be helpful in the following situations:
- To debug networking issues and tune the network flow
- To inspect and analyze the network traffic
- To detect an intrusion
Prerequisites
- A network interface to mirror the network traffic to.
Procedure
Add a network connection profile that you want to mirror the network traffic from:
# nmcli connection add type ethernet ifname enp1s0 con-name enp1s0 autoconnect noAttach a
prioqdisctoenp1s0for the egress (outgoing) traffic with the10:handle:# nmcli connection modify enp1s0 +tc.qdisc "root prio handle 10:"The
prioqdiscattached without children allows attaching filters.Add a
qdiscfor the ingress traffic, with theffff:handle:# nmcli connection modify enp1s0 +tc.qdisc "ingress handle ffff:"Add the following filters to match packets on the ingress and egress
qdiscs, and to mirror them toenp7s0:# nmcli connection modify enp1s0 +tc.tfilter "parent ffff: matchall action mirred egress mirror dev enp7s0" # nmcli connection modify enp1s0 +tc.tfilter "parent 10: matchall action mirred egress mirror dev enp7s0"
The
matchallfilter matches all packets, and themirredaction redirects packets to destination.Activate the connection:
# nmcli connection up enp1s0
Verification
Install the
tcpdumputility:# yum install tcpdumpDisplay the traffic mirrored on the target device (
enp7s0):# tcpdump -i enp7s0
Additional resources
-
How to capture network packets using
tcpdump(Red Hat Knowledgebase)
