Port Mirroring Hyper-V


Network Requirements for the Hyper-V Network Sensor:

  1. CPU – 4 Cores, 8 GB RAM and 64 GB Disk Space
  2. An extra physical NIC for the external traffic to be monitored.

Download the Network Sensor from the release link below:

https://acps.aelladata.com/release/2.3.2/datasensor/aella-ds-2.3.2.vhdx

Username: AellaMeta

Password: WroTQfm/W6x10

Configuring Windows Server 2012+ Hyper-V Virtual Machines for Port Mirroring

Complete the following two tasks to set up port mirroring on a Windows Server 2012 R2 Hyper-V host.

Important: Before you configure port mirroring on a Windows Server 2012 VM, make sure that the Microsoft packet sniffing tool hotfix is applied.

Configuring the Virtual Machine to Capture Mirrored Traffic

To configure the virtual machine you want to use to capture mirrored traffic:

  1. Open the Hyper-V Manager and right-click the machine that you want to use to capture mirrored traffic.
  2. Select Settings.
  3. Expand the associated network adapter and select Advanced Features.
  4. Scroll to the Port mirroring section and set the Mirroring mode to Destination.
  5. Click Apply and OK.

Configuring the Mirror Port

To configure the mirror port:

  1. Open the Windows PowerShell console.
  2. Enter the following commands, replacing <virtual_switch_name> with the name of your virtual switch:

     $a = Get-VMSystemSwitchExtensionPortFeature -FeatureId 776e0ba7-94a1-41c8-8f28-951f524251b5
     $a.SettingData.MonitorMode = 2
     Add-VMSwitchExtensionPortFeature -ExternalPort -SwitchName <virtual_switch_name> -VMSwitchExtensionFeature $a

Important: Be aware that, if you enable promiscuous mode for a physical port, it directs all the traffic received on that port towards the virtual machine destination.
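
The two tasks above as one re-runnable script with a verification and audit step. This is an added example, not part of the original article or the vendor's tooling; the VM name and switch name are hypothetical placeholders.

```powershell
# Added example. $SensorVm and $SwitchName are hypothetical names; replace them.
$SensorVm   = 'NetworkSensor'
$SwitchName = 'MirrorSwitch'
$FeatureId  = '776e0ba7-94a1-41c8-8f28-951f524251b5'   # feature ID used in the steps above

# Task 1: set the sensor VM's adapter on that switch to mirroring mode Destination
# (the same setting as Advanced Features > Port mirroring in Hyper-V Manager).
Get-VMNetworkAdapter -VMName $SensorVm |
    Where-Object { $_.SwitchName -eq $SwitchName } |
    Set-VMNetworkAdapter -PortMirroring Destination

# Task 2: attach the port feature to the switch's external port with MonitorMode = 2,
# skipping the add when the feature is already present so the script can be re-run.
$current = Get-VMSwitchExtensionPortFeature -ExternalPort -SwitchName $SwitchName -FeatureId $FeatureId
if (-not $current) {
    $feature = Get-VMSystemSwitchExtensionPortFeature -FeatureId $FeatureId
    $feature.SettingData.MonitorMode = 2
    Add-VMSwitchExtensionPortFeature -ExternalPort -SwitchName $SwitchName -VMSwitchExtensionFeature $feature
    $current = Get-VMSwitchExtensionPortFeature -ExternalPort -SwitchName $SwitchName -FeatureId $FeatureId
}

# Verify both ends of the mirror.
Get-VMNetworkAdapter -VMName $SensorVm |
    Select-Object VMName, SwitchName, PortMirroringMode
if ($current.SettingData.MonitorMode -ne 2) {
    Write-Warning "External port on '$SwitchName' is not in monitor mode 2."
}

# Audit: mirrored traffic is a full copy of what the port receives, so list every
# adapter on this host that currently takes part in mirroring and confirm that
# only the sensor VM is a Destination.
Get-VMNetworkAdapter -All |
    Where-Object { $_.PortMirroringMode -ne 'None' } |
    Select-Object VMName, Name, SwitchName, PortMirroringMode

# Rollback, if the sensor is decommissioned (left commented out on purpose):
# Remove-VMSwitchExtensionPortFeature -ExternalPort -SwitchName $SwitchName -VMSwitchExtensionFeature $current
# Set-VMNetworkAdapter -VMName $SensorVm -PortMirroring None
```

Run it in an elevated PowerShell session on the Hyper-V host.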

To learn more about configuring port mirroring on a Hyper-V virtual machine, refer to this article on the Microsoft website.
