AWS have released a new service for mirroring traffic in a VPC to a ENI or a Load Balancer. This allows you to pipe traffic to your favorite TCP Packet Capturing tool.
Finally! 🙂 Promiscuity hits the cloud 😉 Well nearly all of it as its not available in all regions just yet. ” VPC Traffic Mirroring is available now and you can start using it today in all commercial AWS Regions except Asia Pacific (Sydney), China (Beijing), and China (Ningxia). Support for those regions will be added soon. ” Of course I’m in Sydney! :\
The blog post is found here: https://aws.amazon.com/blogs/aws/new-vpc-traffic-mirroring/
From the post the following partners can be used to receive captures who have also posted blogs:
- Big Switch Networks – AWS Traffic Monitoring with Big Monitoring Fabric.
- Blue Hexagon – Unleashing Deep Learning-Powered Threat Protection for AWS.
- Corelight – Bring Network Security Monitoring to the Cloud with Corelight and Amazon VPC Traffic Mirroring.
- cPacket Networks – It’s Cloudy Today with a High Chance of Packets.
- ExtraHop – ExtraHop brings Network Detection & Response to the cloud-first enterprise with Amazon Web Services.
- Fidelis – Expanding Traffic Visibility Natively in AWS with Fidelis Network Sensors and Amazon VPC Traffic Mirroring.
- Flowmon – Flowmon Taking Advantage of Amazon VPC Traffic Mirroring.
- Gigamon – Gigamon GigaVUE Cloud Suite for Amazon Web Services and New Amazon VPC Traffic Mirroring.
- IronNet – IronDefense and IronDome Support for Amazon VPC Traffic Mirroring.
- JASK – Amazon VPC Traffic Mirroring.
- Netscout – AWS Traffic Mirroring Contributes to NETSCOUT’s Smart Data Intelligence.
- Nubeva – Decrypted Visibility With Amazon VPC Traffic Mirroring.
- Palo Alto Networks – See the Unseen in AWS Mirrored Traffic With the VM-Series.
- Riverbed – SteelCentral AppResponse Cloud to Support New Amazon VPC Traffic Mirroring.
- Vectra – Securing your AWS workloads with Vectra Cognito.