Red Hat SummitEste conteúdo não está disponível no idioma selecionado.
Chapter 47. Mirroring a network interface by using nmcli
Network administrators can use port mirroring to replicate inbound and outbound network traffic being communicated from one network device to another. Mirroring traffic of an interface can be helpful in the following situations:
- To debug networking issues and tune the network flow
- To inspect and analyze the network traffic
- To detect an intrusion
Prerequisites
- A network interface to mirror the network traffic to.
Procedure
Add a network connection profile that you want to mirror the network traffic from:
nmcli connection add type ethernet ifname enp1s0 con-name enp1s0 autoconnect no
# nmcli connection add type ethernet ifname enp1s0 con-name enp1s0 autoconnect noCopy to Clipboard Copied! Toggle word wrap Toggle overflow Attach a
qdiscof typepriotoenp1s0for the egress (outgoing) traffic with the10:handle:nmcli connection modify enp1s0 +tc.qdisc "root prio handle 10:"
# nmcli connection modify enp1s0 +tc.qdisc "root prio handle 10:"Copy to Clipboard Copied! Toggle word wrap Toggle overflow The
qdiscset toprioattached without children allows attaching filters.Add a
qdiscfor the ingress traffic, with theffff:handle:nmcli connection modify enp1s0 +tc.qdisc "ingress handle ffff:"
# nmcli connection modify enp1s0 +tc.qdisc "ingress handle ffff:"Copy to Clipboard Copied! Toggle word wrap Toggle overflow Add the following filters to match packets on the ingress and egress
qdiscs, and to mirror them toenp7s0:nmcli connection modify enp1s0 +tc.tfilter "parent ffff: matchall action mirred egress mirror dev enp7s0" nmcli connection modify enp1s0 +tc.tfilter "parent 10: matchall action mirred egress mirror dev enp7s0"
# nmcli connection modify enp1s0 +tc.tfilter "parent ffff: matchall action mirred egress mirror dev enp7s0" # nmcli connection modify enp1s0 +tc.tfilter "parent 10: matchall action mirred egress mirror dev enp7s0"Copy to Clipboard Copied! Toggle word wrap Toggle overflow The
matchallfilter matches all packets, and themirredaction redirects packets to destination.Activate the connection:
nmcli connection up enp1s0
# nmcli connection up enp1s0Copy to Clipboard Copied! Toggle word wrap Toggle overflow
Verification
Install the
tcpdumputility:yum install tcpdump
# yum install tcpdumpCopy to Clipboard Copied! Toggle word wrap Toggle overflow Display the traffic mirrored on the target device (
enp7s0):tcpdump -i enp7s0
# tcpdump -i enp7s0Copy to Clipboard Copied! Toggle word wrap Toggle overflow
'%20d='M201.5%20305.5c-13.8%200-24.9-11.1-24.9-24.6%200-13.8%2011.1-24.9%2024.9-24.9%2013.6%200%2024.6%2011.1%2024.6%2024.9%200%2013.6-11.1%2024.6-24.6%2024.6zM504%20256c0%20137-111%20248-248%20248S8%20393%208%20256%20119%208%20256%208s248%20111%20248%20248zm-132.3-41.2c-9.4%200-17.7%203.9-23.8%2010-22.4-15.5-52.6-25.5-86.1-26.6l17.4-78.3%2055.4%2012.5c0%2013.6%2011.1%2024.6%2024.6%2024.6%2013.8%200%2024.9-11.3%2024.9-24.9s-11.1-24.9-24.9-24.9c-9.7%200-18%205.8-22.1%2013.8l-61.2-13.6c-3-.8-6.1%201.4-6.9%204.4l-19.1%2086.4c-33.2%201.4-63.1%2011.3-85.5%2026.8-6.1-6.4-14.7-10.2-24.1-10.2-34.9%200-46.3%2046.9-14.4%2062.8-1.1%205-1.7%2010.2-1.7%2015.5%200%2052.6%2059.2%2095.2%20132%2095.2%2073.1%200%20132.3-42.6%20132.3-95.2%200-5.3-.6-10.8-1.9-15.8%2031.3-16%2019.8-62.5-14.9-62.5zM302.8%20331c-18.2%2018.2-76.1%2017.9-93.6%200-2.2-2.2-6.1-2.2-8.3%200-2.5%202.5-2.5%206.4%200%208.6%2022.8%2022.8%2087.3%2022.8%20110.2%200%202.5-2.2%202.5-6.1%200-8.6-2.2-2.2-6.1-2.2-8.3%200zm7.7-75c-13.6%200-24.6%2011.1-24.6%2024.9%200%2013.6%2011.1%2024.6%2024.6%2024.6%2013.8%200%2024.9-11.1%2024.9-24.6%200-13.8-11-24.9-24.9-24.9z'/%3e%3c/svg%3e){kind=small}