User Tools
articles:proxmox_span
Differences
This shows you the differences between two versions of the page.
| Both sides previous revision Previous revision Next revision | Previous revision | ||
|
articles:proxmox_span [2018/04/27 12:03] veera [The setup] |
articles:proxmox_span [2018/04/27 12:22] (current) veera [Add a new interface to a VM using this bridge vmbr7] |
||
|---|---|---|---|
| Line 14: | Line 14: | ||
| - | Create a new bridge | + | ==== Create a new bridge ==== |
| + | |||
| The good news is Proxmox is based on Debian9 and you can login directly to the system and make configuration changes. Logon to the Proxmox server directly and create a new Bridge and add the physical port as the only member of that bridge. | The good news is Proxmox is based on Debian9 and you can login directly to the system and make configuration changes. Logon to the Proxmox server directly and create a new Bridge and add the physical port as the only member of that bridge. | ||
| - | Edit `/etc/network/interfaces` and enter the following | + | Edit ''/etc/network/interfaces'' and enter the following |
| + | |||
| + | <code bash> | ||
| - | '' | ||
| auto vmbr7 | auto vmbr7 | ||
| iface vmbr7 inet manual | iface vmbr7 inet manual | ||
| Line 27: | Line 29: | ||
| bridge_fd 0 | bridge_fd 0 | ||
| bridge_ageing 0 | bridge_ageing 0 | ||
| - | '' | + | |
| + | </code> | ||
| + | |||
| + | Then | ||
| + | |||
| + | <code> | ||
| + | systemctl restart network | ||
| + | </code> | ||
| + | |||
| + | |||
| + | Basically, this creates a dumb bridge with zero bridge_ageing, so it will just forward all packets to who ever is connected. | ||
| + | |||
| + | Now ''brctl show'' should show you the new bridge. | ||
| + | |||
| + | |||
| + | ==== Add a new interface to a VM using this bridge vmbr7 ==== | ||
| + | |||
| + | Next logon to Proxmox VE and add a new sniffing interface using //Hardware -> Add -> Network Device// | ||
| + | |||
| + | Then select the new bridge for this interface as shown below | ||
| + | |||
| + | {{:articles:pve1.png?600|}} | ||
| + | |||
| + | Then go back and review the VM, there should be TWO intefaces, one for management and the other for the sniffing. It should look like this. | ||
| + | |||
| + | {{:articles:pve2.png?600|}} | ||
| + | |||
| + | |||
| + | |||
| + | ===== Configure the capture interface within the VM ===== | ||
| + | |||
| + | Now boot up the VM and you will find two adapters. Using the MAC address you can go back to the Proxmox UI and determine which adapter maps to which bridge. Assign an IP address to the management interface and leave the other one without an IP. | ||
| + | |||
| + | Typing ''ifconfig -a'' gives you something like below | ||
| + | |||
| + | {{:articles:pve3.png?600|}} | ||
| + | |||
| + | |||
| + | <note important>Make sure you do a ifconfig ens19 up. Otherwise you may not be able to capture from that interface</note> | ||
| + | |||
| + | |||
| + | We're done. Now, all you need to do is capture from ''ens19'' using Trisul Network Analytics. Install Trisul, then go to admin/admin Capture Profiles and select ens19. | ||
| + | |||
| + | |||
| + | Hope this helps. Trisul is designed to be frugal in resource usage , we can install several such Trisul on a single Proxmox platform using this technique. | ||
| + | |||
| + | |||
| + | -end- | ||
| + | |||
| + | |||
| + | |||
| + | |||
articles/proxmox_span.1524830628.txt.gz · Last modified: 2018/04/27 12:03 by veera
Page Tools
Except where otherwise noted, content on this wiki is licensed under the following license: CC Attribution-Share Alike 4.0 International
