1 Reply Latest reply on Nov 7, 2019 3:48 PM by scott28tt

    Port Mirror Scenario

    merasil Lurker

      Hi there,

       

      first of all: I dont know if i am at the right place here. If this is not the right place to ask this question than i am really sorry

       

      My Scenario is the following:

      I got one virtual DNS Server which gets queries from internal clients. I want to install an analyzing server that gets all those queries too.

      I cant do it the "normal" way where i just set the virtual nic into promiscious mode and sniff all the traffic. That will not work since the analyzing server is a commercial appliance that works also as DNS Server. The developer of that software sees his products more like a replacement rather than an extension to the current dns infrastructure.

       

      So my idea is to setup a portmirror and let the analyzing server think that all those packets are meant for it. I would set the ip and mac the same as my current dns server.

      My Questions here are:

       

      1. Is this even possible in a virtual enviroment? I know how i would do that on physical hardware, but my experience is limited with vmware.

      2. When i set up a port mirror like discribed, how do i prevent that answers from the analyzing server gets back to the clients since i only want the server to analyze the traffic?

       

      Greetings and best regards