Overview
Port mirroring is a method used by network administrators to analyze and debug data or diagnose errors on a network. It helps in monitoring network traffic by copying packets from one port on a network device to another port, where the packets can be analyzed further. Port mirroring helps administrators keep a close eye on network performance and alerts them when problems occur. It can be used to mirror inbound traffic, outbound traffic, or both on interfaces.
You can configure port mirroring on Seqrite UTM by assigning a source port from which you want to copy all packets and a destination port (known as the Mirror port) to which the copied packets will be sent. All the packets received on the source port are forwarded to the destination port. You can attach an analyzer (PC with Wireshark) on the destination (mirror) port to monitor each segment separately. The analyzer captures and evaluates the data without affecting the client on the original port.
Applicable Version: 2.X and Above
Network Scenario
In this scenario, a PC is connected to the eth2 port of the UTM and runs a sniffing tool such as Wireshark to analyze packets without affecting the client on the original port, which is eth0 of the UTM.
Configuration Steps:
1. You must be logged on to the Web Admin Console as an administrator with Read-Write permission for this feature.
2. Go to the Support > Port Mirroring page and toggle the Port Mirroring status button to enable port mirroring.
3. Click the + (Add) icon to add the port mirroring details.
4. Select the Source interface (in this scenario, eth0).
5. Select eth2 of the UTM as the Destination interface. This port should be configured as a LAN port.
Note: eth0 cannot be set as the Destination (mirror) port.
6. Select the Direction of network traffic. Here you can select inbound, outbound, or both.
7. Select the Protocol and click Add. You can filter traffic by protocol; traffic for the selected protocols will be monitored on the destination port.
8. Click the “Add” button.
9. The following demonstrates capturing the traffic seen on the mirror port with an application called Wireshark.
To view this traffic, attach a PC running Wireshark to the UTM mirror port (eth2).
In this example, the Windows PC running Wireshark is connected to the mirror port (eth2). Wireshark puts the PC's Ethernet adapter in promiscuous mode to capture packets.
The UTM mirror port eth2 is set up to mirror packets from UTM port eth0.
10. We see that the PC captured the HTTPS sessions on UTM port eth0.
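To confirm that the Direction and Protocol settings from steps 6 and 7 produce the traffic you expect on the mirror port, the capture can also be checked offline. The following is an added example, not part of the original article or of Seqrite's tooling: it assumes the Wireshark capture was saved in classic pcap format (not pcapng) and reads it with the Python standard library only. The function names, the client address 192.168.1.10 and the sample packets are constructed for illustration, and the labels from_client and to_client are used instead of the UTM's inbound and outbound terms.

```python
import struct
from collections import Counter
from ipaddress import IPv4Address

def make_frame(src, dst, sport, dport, proto=6):
    """Constructed Ethernet/IPv4 frame with a minimal TCP (6) or UDP (17) header."""
    l4 = struct.pack("!HH", sport, dport) + bytes(16 if proto == 6 else 4)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(l4), 0, 0, 64, proto, 0,
                     IPv4Address(src).packed, IPv4Address(dst).packed)
    return bytes(12) + b"\x08\x00" + ip + l4  # zeroed MACs, EtherType IPv4

def make_pcap(frames):
    """Wrap frames in a little-endian classic pcap file, link type 1 (Ethernet)."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for i, frame in enumerate(frames):
        out += struct.pack("<IIII", i, 0, len(frame), len(frame)) + frame
    return out

def summarize_mirror(pcap, client_ip):
    """Count mirrored packets per (direction relative to client_ip, protocol)."""
    order = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}.get(pcap[:4])
    if order is None or struct.unpack(order + "I", pcap[20:24])[0] != 1:
        raise ValueError("expected a classic pcap file with Ethernet link type")
    counts, off = Counter(), 24
    while off + 16 <= len(pcap):
        incl = struct.unpack(order + "I", pcap[off + 8:off + 12])[0]
        frame, off = pcap[off + 16:off + 16 + incl], off + 16 + incl
        if len(frame) < 34 or frame[12:14] != b"\x08\x00":
            counts[("unrelated", "non-ipv4")] += 1
            continue
        l4, proto = 14 + (frame[14] & 0x0F) * 4, frame[23]
        src, dst = str(IPv4Address(frame[26:30])), str(IPv4Address(frame[30:34]))
        name = {6: "tcp", 17: "udp"}.get(proto, "ip-proto-%d" % proto)
        if proto == 6 and len(frame) >= l4 + 4 and 443 in struct.unpack("!HH", frame[l4:l4 + 4]):
            name = "https"  # TCP port 443 on either side
        direction = ("from_client" if src == client_ip
                     else "to_client" if dst == client_ip else "unrelated")
        counts[(direction, name)] += 1
    return counts

# Constructed capture: client 192.168.1.10 behind eth0, documentation-range server.
SAMPLE = make_pcap([
    make_frame("192.168.1.10", "203.0.113.5", 51000, 443),
    make_frame("203.0.113.5", "192.168.1.10", 443, 51000),
    make_frame("192.168.1.10", "192.168.1.1", 40000, 53, proto=17),
    make_frame("192.168.1.10", "203.0.113.5", 51000, 443),
])

if __name__ == "__main__":
    for key, n in sorted(summarize_mirror(SAMPLE, "192.168.1.10").items()):
        print(key, n)
```

If the mirror is set to a single direction, only one of from_client or to_client should appear in the summary; a protocol that shows up despite being excluded in step 7 points to a filter that was not applied.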
Note: 1. You cannot mirror ports that are also part of a link aggregation.
2. Changing the interface configuration deletes the associated port mirroring settings.