虚机抓取Hyper-V宿主的镜像流量(Windows Server 2012R2)
1.将交换机流量镜像到Hyper-V宿主的一块网卡(eth4)
2.在Hyper-V宿主上新建虚拟交换机(Network_Mirror),选择外部网络,扩展属性中启用“Microsoft NDIS捕获”,设置如下图所示:
3.在已创建好的虚机上,选择使用“Network_Mirror”虚拟交换机,然后在高级功能中,镜像模式选择“目标”,即该虚机用来接收镜像流量
4.选择流量来源,在Hyper-V宿主上运行PowerShell命令:
$VMSwitchPortFeature = Get-VMSystemSwitchExtensionPortFeature -FeatureName 'Ethernet Switch Port Security Settings' #选择扩展功能 - 交换机端口安全设置“类”
$VMSwitchPortFeature.SettingData.MonitorMode = 2 #MonitorMode参数说明(0 = 无, 1 = 目标, 2 = 来源)
Add-VMSwitchExtensionPortFeature -ExternalPort -SwitchName 'Network_Mirror' -VMSwitchExtensionFeature $VMSwitchPortFeature #将该功能加入到该虚拟交换机
注:All traffic hitting the hyper-v Host is also hitting the external port of the virtual switch. However for the NIC on the VM to get these packets, we need to now “mirror” this Switch port (on the Virtual switch) to let him know that he has to forward the packets onto the “DESTINATION” we had configured earlier.
5.在虚机(CentOS)上运行命令监控镜像流量:
tcpdump -i eth1 -w /tmp/a.txt
运行tail -f tmp/a.txt 可以看到捕获到的镜像流量
附:
参考:
https://blogs.technet.microsoft.com/networking/2015/10/16/setting-up-port-mirroring-to-capture-mirrored-traffic-on-a-hyper-v-virtual-machine/
https://dotblogs.com.tw/terrychuang/2015/01/19/148176
最新文章
- C#开发微信门户及应用(5)--用户分组信息管理
- 消除左递归c语言文法
- 前端模块化工具-webpack
- MJRefresh自定义刷新动画
- 获取当前 Windows 的安装序列号
- dp和px的转换
- 使用jquery.validate.js实现boostrap3的校验和验证
- java学习面向对象之多态
- [Unity-7] Update和FixedUpdate
- Piggy Back_KEY
- 阿里云服务器php环境的搭建
- Java 中的内部类
- linux 清理缓存buff/cache
- error_log
- linux忘记root密码
- Linux inode空间占满 “no space left on device”
- BZOJ4184:shallot(线段树分治,线性基)
- Git 生命周期
- <;OFFER05>; 05_ReplaceSpaces
- python定位性能的工具