Promiscuous mode for packet capture in GCP


Arnold Chan

Jun 9, 2017, 9:07:29 AM
to gce-discussion

I would like to deploy Network Security Monitoring (NSM) in the cloud by using port mirroring for packet capture.


There's no way in GCP that, in any VM instance, I can set up promiscuous mode on the network interface.


In the market now, only Ravello can set up the advanced network configuration for this to work while running on Google Cloud.

https://www.ravellosystems.com/blog/packet-capture-on-aws/


Seems like AWS can deploy SecurityOnion in the cloud with no issue at the moment.


Does GCP have any alternative way to make this happen?

Carlos (Cloud Platform Support)

Jun 9, 2017, 2:37:51 PM
to gce-discussion
Hi Arnold,

You could try a setup like the one described in this discussion. I do not see other options.

Although some product managers usually monitor this space, I strongly encourage you to raise this matter in the User Voice forum. They closely follow customer feedback there.


Arnold Chan

Jan 23, 2020, 11:40:20 PM
to gce-discussion
For anyone who's interested and would like to deploy NSM in GCP: two years after this post, GCP has finally released the packet mirroring feature.
We can implement it the same way for VPC networks to get traffic cloned to a SecOnion instance hosted within the same shared VPC using CloudClient.

