Use Traffic Mirroring in Amazon VPC for Security Purposes
In this lab, you will create a VPC Traffic Mirroring session that copies the inbound traffic of a production EC2 instance to a second, dedicated capture instance for security monitoring and later analysis. Mirrored packets are delivered to the target VXLAN-encapsulated on UDP port 4789, where a packet-capture tool records them. You will generate network traffic against the production instance by hand and then verify that the capture on the target contains it.
Challenge
Obtain Network Details for Production EC2 Instances
Record the private IP address and the network interface ID (the eni- prefixed identifier) of both the source (production) and target (capture) instances. The mirror target and mirror session are bound to network interfaces, not to instance IDs.
Challenge
Install Packet Capture Software on the Target EC2 Instance
Install an open-source packet-capture tool (for example, tcpdump) on the target instance. Mirrored packets arrive there as VXLAN-encapsulated copies of the frames seen at the source, on UDP port 4789, so the capture should listen on that port.
Challenge
Create the VPC Traffic Mirror Target
Create a traffic mirror target that points at the capture instance's network interface. The target's security group must allow inbound UDP 4789 from the source, since that is the port the VXLAN-encapsulated mirror traffic is delivered to; without that rule the mirrored packets never reach the capture tool.
Challenge
Create the VPC Traffic Mirror Filter
Create a traffic mirror filter with a single inbound rule: action accept, all protocols, source and destination CIDR 0.0.0.0/0. Filter rules are evaluated in rule-number order and traffic that matches no rule is not mirrored, so a filter with no inbound rule captures nothing. With no outbound rule, the production instance's responses are not mirrored.
Challenge
Create the VPC Traffic Mirror Session
Create a traffic mirror session that ties the source instance's network interface to the mirror target and the all-protocols filter. Give it a session number (sessions on the same source interface are evaluated in session-number order) and, optionally, a VXLAN virtual network ID (VNI) so this session's packets can be told apart on the target. Leave the packet length unset so whole packets are mirrored rather than a truncated prefix.
Challenge
Generate Network Traffic and Verify the Packet Capture
Generate traffic against the source instance with low-level network utilities (for example, ICMP echo requests or UDP datagrams), then confirm on the target that the capture shows the VXLAN-encapsulated copies: the outer datagrams to UDP 4789, the session's VNI, and the inner packets you sent.
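As an added example (not code from the lab or from AWS), the Python below shows what the capture instance actually receives once the session is active, which is what you are checking in the last step: each mirrored packet is a UDP datagram to port 4789 whose payload is an 8-byte VXLAN header carrying the session's VNI, followed by the original Ethernet frame seen at the source interface. The decoder validates the VXLAN "I" flag, extracts the VNI, and parses the inner Ethernet and IPv4 headers (including the IPv4 header checksum) so a capture can be checked for the expected source, destination, protocol and ports. The sample packet, MAC addresses, IP addresses and VNI 1234 are all constructed for this example.

```python
"""Decode a VPC Traffic Mirroring packet as delivered to the mirror target.

Added example, not code from the lab or from AWS. Mirrored traffic reaches the
target VXLAN-encapsulated on UDP port 4789 (RFC 7348 header) with the session's
virtual network identifier (VNI) in the header and the original Ethernet frame
as payload. All addresses and the VNI below are constructed for the example.
"""
import ipaddress
import struct
from typing import Any, Dict

VXLAN_UDP_PORT = 4789   # destination port AWS uses for mirrored traffic
VXLAN_FLAG_I = 0x08     # "VNI present" flag in the first VXLAN header byte
ETHERTYPE_IPV4 = 0x0800
PROTO_NAMES = {1: "icmp", 6: "tcp", 17: "udp"}


def ipv4_checksum(header: bytes) -> int:
    """One's-complement sum over 16-bit words; returns 0 for a header whose checksum is valid."""
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def build_inner_frame(src_mac: str, dst_mac: str, src_ip: str, dst_ip: str,
                      proto: int, l4: bytes) -> bytes:
    """Constructed sample: an Ethernet/IPv4 frame as the source interface would have seen it."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(l4), 0x1234, 0x4000, 64, proto, 0,
                      ipaddress.IPv4Address(src_ip).packed, ipaddress.IPv4Address(dst_ip).packed)
    hdr = hdr[:10] + struct.pack("!H", ipv4_checksum(hdr)) + hdr[12:]   # fill checksum field
    eth = (bytes.fromhex(dst_mac.replace(":", "")) + bytes.fromhex(src_mac.replace(":", ""))
           + struct.pack("!H", ETHERTYPE_IPV4))
    return eth + hdr + l4


def build_vxlan(vni: int, inner: bytes) -> bytes:
    """VXLAN header: flags (I set), 3 reserved bytes, 24-bit VNI, 1 reserved byte, then the frame."""
    return bytes([VXLAN_FLAG_I, 0, 0, 0]) + vni.to_bytes(3, "big") + b"\x00" + inner


def sample_mirrored_packet() -> bytes:
    """Constructed mirrored UDP/53 query from 10.0.1.10 to 10.0.1.20, session VNI 1234."""
    udp = struct.pack("!HHHH", 40000, 53, 8 + 5, 0) + b"hello"   # UDP checksum 0 = not computed
    frame = build_inner_frame("02:aa:bb:cc:dd:01", "02:aa:bb:cc:dd:02",
                              "10.0.1.10", "10.0.1.20", 17, udp)
    return build_vxlan(1234, frame)


def parse_mirrored(udp_payload: bytes) -> Dict[str, Any]:
    """Parse the UDP payload of one mirrored packet; raises ValueError on malformed input."""
    if len(udp_payload) < 8:
        raise ValueError("too short for a VXLAN header")
    if not udp_payload[0] & VXLAN_FLAG_I:
        raise ValueError("VXLAN I flag not set: VNI field is not valid")
    out: Dict[str, Any] = {"vni": int.from_bytes(udp_payload[4:7], "big")}
    inner = udp_payload[8:]
    if len(inner) < 14:
        raise ValueError("truncated inner Ethernet frame")
    out["dst_mac"] = ":".join(f"{b:02x}" for b in inner[0:6])
    out["src_mac"] = ":".join(f"{b:02x}" for b in inner[6:12])
    out["ethertype"] = struct.unpack("!H", inner[12:14])[0]
    if out["ethertype"] != ETHERTYPE_IPV4:
        return out                       # e.g. IPv6: left undecoded in this example
    ip = inner[14:]
    if len(ip) < 20:
        raise ValueError("truncated IPv4 header")
    ihl = (ip[0] & 0x0F) * 4
    proto = ip[9]
    out.update({
        "src_ip": str(ipaddress.IPv4Address(ip[12:16])),
        "dst_ip": str(ipaddress.IPv4Address(ip[16:20])),
        "protocol": PROTO_NAMES.get(proto, str(proto)),
        "ipv4_checksum_ok": ipv4_checksum(ip[:ihl]) == 0,   # detects corrupted/tampered headers
    })
    l4 = ip[ihl:]
    if proto in (6, 17) and len(l4) >= 4:   # TCP and UDP both start with source/destination ports
        out["src_port"], out["dst_port"] = struct.unpack("!HH", l4[:4])
    return out


if __name__ == "__main__":
    for key, value in parse_mirrored(sample_mirrored_packet()).items():
        print(f"{key:>17}: {value}")
```

On the real target, running the capture tool with a filter for UDP port 4789 shows the same two layers the decoder separates here: the outer datagram from the source interface to the target interface, then the VNI and the inner frame. If the VNI printed does not match the one you set on the session, the packets belong to another session on the same target.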
Provided environment for hands-on practice
We will provide the credentials and environment necessary for you to practice right within your browser.
Guided walkthrough
Follow along with the author’s guided walkthrough and build something new in your provided environment!
Recommended prerequisites
- Amazon VPC
- Amazon EC2
- Linux CLI commands (e.g., yum)
- Basic networking knowledge (e.g., UDP)