kristiandg
New Member
Good morning, all.
With the push to migrate things to the cloud, there's obviously still a few things you can't pull off like you can on good ol' on-prem hardware, leaving a deficiency for something I need that I'm hoping can be filled with software.
I have a Linux (Ubuntu) box that needs a second Linux box to "port-mirror" it's traffic. I've found several things on the internet suggesting this can be done, but no definitive guide to do so. Both machines will have their primary ETH0 interface to the outside world, then will both have an ETH1, which I hope to use as some sort of bridge between them. Basically, a virtual "crossover cable" between them (over IP, but without modifying the data collected).
Since Wireshark/PCAP allows remote capture over SSH, I had hoped someone would have written a virtual ethernet "driver" that I could load on Server 2 that basically establishes that remote pcap link to Server 1 in order to stream the traffic to the second box, but haven't been able to find anything.
Does anyone have any thoughts on how this might be able to be achieved? Server 1 would handle all the traffic for the application, and Server 2 merely exists to monitor all the traffic going in/out of that Server 1's ETH0 interface.
Thanks.
With the push to migrate things to the cloud, there's obviously still a few things you can't pull off like you can on good ol' on-prem hardware, leaving a deficiency for something I need that I'm hoping can be filled with software.
I have a Linux (Ubuntu) box that needs a second Linux box to "port-mirror" it's traffic. I've found several things on the internet suggesting this can be done, but no definitive guide to do so. Both machines will have their primary ETH0 interface to the outside world, then will both have an ETH1, which I hope to use as some sort of bridge between them. Basically, a virtual "crossover cable" between them (over IP, but without modifying the data collected).
Since Wireshark/PCAP allows remote capture over SSH, I had hoped someone would have written a virtual ethernet "driver" that I could load on Server 2 that basically establishes that remote pcap link to Server 1 in order to stream the traffic to the second box, but haven't been able to find anything.
Does anyone have any thoughts on how this might be able to be achieved? Server 1 would handle all the traffic for the application, and Server 2 merely exists to monitor all the traffic going in/out of that Server 1's ETH0 interface.
Thanks.