Port mirroring and Promox

[N3ST]

Hello Everyone.

I am trying to setup a port mirroring with proxmox.

My Proxmox server has two network card, and I would like to use the second network card has a miroring port, the server is connected a managed switch which can do port mirroring.

I would like to use the switch mirroring port capability to setup a VM with OSSIM which will analyse the traffic with the second network card connected to it?

Is it possible because when I try to create a new switch with eth1 I can't because the gateway already exist.

How can I send all the traffic from the second ethernet card to the OSSIM VM?

Thank you in advance,

Best regards,

N3ST

 

[Mr.Holmes]

Hello N3ST

I am trying to setup a port mirroring with proxmox.

My Proxmox server has two network card, and I would like to use the second network card has a miroring port, the server is connected a managed switch which can do port mirroring.

I would like to use the switch mirroring port capability to setup a VM with OSSIM which will analyse the traffic with the second network card connected to it?

Is it possible because when I try to create a new switch with eth1 I can't because the gateway already exist.

How can I send all the traffic from the second ethernet card to the OSSIM VM?

If I understood it correctly you want to have the following:



mirror-port-from-switch -----> Proxmox-Host-eth1 -----> OSSIM-VM-in_Proxmox-ethxy

Create a new bridge vmbr1 connected with eth1. Assign a virtual NIC from the VM to it - you will see all the traffic from mirror port there.

Use an openvswitch bridge - it has special parameters for mirroring, see also http://git.openvswitch.org/cgi-bin/gitweb.cgi?p=openvswitch;a=blob_plain;f=FAQ;hb=HEAD

Kind regards

Mr.Holmes