Geekzone: technology news, blogs, forums
Guest
Welcome Guest.
You haven't logged in yet. If you don't have an account you can register now.


ForumsLAN (ethernet/Wifi/routers/Bluetooth)Switch with port mirroring - playing with bandwidth monitoring
davidcole

6099 posts

Uber Geek
+1 received by user: 1465

Trusted

#196450 31-May-2016 18:56
Send private message

So I've just picked up a to link sg1024de rack mount switch. Apparently it does port mirroring, which I assume I can use for looking at lan and wan bandwidth monitoring.

I've hit a could if virtual Linux machines. What would I put in them that's relatively easy to figure out and that would give me some pretty graphs to look at. I dont have a problem to look st, just want to gave a toodle.




Previously known as psycik

Home Assistant: Gigabyte AMD A8 Brix, Home Assistant with Aeotech ZWave Controller, Raspberry PI, Wemos D1 Mini, Zwave, Shelly Humidity and Temperature sensors
Media:Chromecast v2, ATV4 4k, ATV4, HDHomeRun Dual
Server Host Plex Server 3x3TB, 4x4TB using MergerFS, Samsung 850 evo 512 GB SSD, Proxmox Server with 1xW10, 2xUbuntu 22.04 LTS, Backblaze Backups, usenetprime.com fastmail.com Sharesies Trakt.TV Sharesight 

Create new topic
BarTender
3629 posts

Uber Geek
+1 received by user: 2572

ID Verified
Trusted
Lifetime subscriber

  #1563375 31-May-2016 23:33
Send private message

Graphite/Grafana or Cacti make pretty graphs based on port stats.

 

But if you wanted to get browsing habits of your internals then squid would be required. Then you could use something like this: https://github.com/akashihi/graphite-squid

 

 

 

 



davidcole

6099 posts

Uber Geek
+1 received by user: 1465

Trusted

  #1563421 1-Jun-2016 06:30
Send private message

So if the vm is connected to the same NIC as the host and other vms - should I just be able to connect the lot to the mirroring port (physically) and in the Linux machine just tell it to start collecting?

Or do I need to make some virtual vlans etc and give the Linux Machine two nics .




Previously known as psycik

Home Assistant: Gigabyte AMD A8 Brix, Home Assistant with Aeotech ZWave Controller, Raspberry PI, Wemos D1 Mini, Zwave, Shelly Humidity and Temperature sensors
Media:Chromecast v2, ATV4 4k, ATV4, HDHomeRun Dual
Server Host Plex Server 3x3TB, 4x4TB using MergerFS, Samsung 850 evo 512 GB SSD, Proxmox Server with 1xW10, 2xUbuntu 22.04 LTS, Backblaze Backups, usenetprime.com fastmail.com Sharesies Trakt.TV Sharesight 

chimera
563 posts

Ultimate Geek
+1 received by user: 199

ID Verified

  #1563534 1-Jun-2016 10:33
Send private message

davidcole: So if the vm is connected to the same NIC as the host and other vms - should I just be able to connect the lot to the mirroring port (physically) and in the Linux machine just tell it to start collecting?

Or do I need to make some virtual vlans etc and give the Linux Machine two nics .

 

If you had a physical machine connected direct to the mirror port, then it would be easy as - you'd just start packet capture with whatever software you're using and away you go.

 

You didn't mention which hypervisor you're running - I'll assume VMWare ESXi...  because you're running a VM and that VM is on a virtual switch, then you will need to enable promiscuous mode on the vSwitch/PG (because with promiscuous mode disabled, then by default the VM will only receive traffic that's destined for it)  



davidcole

6099 posts

Uber Geek
+1 received by user: 1465

Trusted

  #1563558 1-Jun-2016 11:02
Send private message

chimera:

 

davidcole: So if the vm is connected to the same NIC as the host and other vms - should I just be able to connect the lot to the mirroring port (physically) and in the Linux machine just tell it to start collecting?

Or do I need to make some virtual vlans etc and give the Linux Machine two nics .

 

If you had a physical machine connected direct to the mirror port, then it would be easy as - you'd just start packet capture with whatever software you're using and away you go.

 

You didn't mention which hypervisor you're running - I'll assume VMWare ESXi...  because you're running a VM and that VM is on a virtual switch, then you will need to enable promiscuous mode on the vSwitch/PG (because with promiscuous mode disabled, then by default the VM will only receive traffic that's destined for it)  

 

 

 

 

Yeah I'm beginning to think that.  Would a Raspberry pi be fast enough to deal with the packets from a gigabit switch?

 

BTW using Hyper-V.  There seems to be a bit of mirroring information for it.  But it's getting ot the too hard basket

 

 




Previously known as psycik

Home Assistant: Gigabyte AMD A8 Brix, Home Assistant with Aeotech ZWave Controller, Raspberry PI, Wemos D1 Mini, Zwave, Shelly Humidity and Temperature sensors
Media:Chromecast v2, ATV4 4k, ATV4, HDHomeRun Dual
Server Host Plex Server 3x3TB, 4x4TB using MergerFS, Samsung 850 evo 512 GB SSD, Proxmox Server with 1xW10, 2xUbuntu 22.04 LTS, Backblaze Backups, usenetprime.com fastmail.com Sharesies Trakt.TV Sharesight 

chimera
563 posts

Ultimate Geek
+1 received by user: 199

ID Verified

  #1563561 1-Jun-2016 11:09
Send private message

davidcole:

 

chimera:

 

davidcole: So if the vm is connected to the same NIC as the host and other vms - should I just be able to connect the lot to the mirroring port (physically) and in the Linux machine just tell it to start collecting?

Or do I need to make some virtual vlans etc and give the Linux Machine two nics .

 

If you had a physical machine connected direct to the mirror port, then it would be easy as - you'd just start packet capture with whatever software you're using and away you go.

 

You didn't mention which hypervisor you're running - I'll assume VMWare ESXi...  because you're running a VM and that VM is on a virtual switch, then you will need to enable promiscuous mode on the vSwitch/PG (because with promiscuous mode disabled, then by default the VM will only receive traffic that's destined for it)  

 

 

 

 

Yeah I'm beginning to think that.  Would a Raspberry pi be fast enough to deal with the packets from a gigabit switch?

 

BTW using Hyper-V.  There seems to be a bit of mirroring information for it.  But it's getting ot the too hard basket

 

 

 

 

*ugh* Hyper-V... 

 

It sounds like you're more familiar with Windows?  Go and install a Windows VM and download and run Wireshark and play around with that combo.  Its an easier tool to learn packet structures with.

 

Cheers

 

 

Decal
222 posts

Master Geek
+1 received by user: 26

ID Verified

  #1563571 1-Jun-2016 11:21
Send private message

If you want to a break down of the applications and URLs. You can use PRTG which has a packet sniffer feature and gives you a visual break down of the traffic. The computer/VM running the PRTG sniffer will require 2 NICs, 1 to plug into the Mirrored port and the other for management.

 
 
 
 

Shop now on AliExpress (affiliate link).
davidcole

6099 posts

Uber Geek
+1 received by user: 1465

Trusted

  #1563575 1-Jun-2016 11:31
Send private message

Decal:

 

If you want to a break down of the applications and URLs. You can use PRTG which has a packet sniffer feature and gives you a visual break down of the traffic. The computer/VM running the PRTG sniffer will require 2 NICs, 1 to plug into the Mirrored port and the other for management.

 

 

Yeah I figured it would need two nics....so I guess the next question is more hyper-v (or you can relate to vmware if you want), if the host has 2 nics....both are connected to the switch, 1 to a normal port, and the other to the mirroring port.  Is the NIC connected to the mirroring port now useless for any traffic by what will be passed to the VM for monitoring?  Or does it just act like a normal port?




Previously known as psycik

Home Assistant: Gigabyte AMD A8 Brix, Home Assistant with Aeotech ZWave Controller, Raspberry PI, Wemos D1 Mini, Zwave, Shelly Humidity and Temperature sensors
Media:Chromecast v2, ATV4 4k, ATV4, HDHomeRun Dual
Server Host Plex Server 3x3TB, 4x4TB using MergerFS, Samsung 850 evo 512 GB SSD, Proxmox Server with 1xW10, 2xUbuntu 22.04 LTS, Backblaze Backups, usenetprime.com fastmail.com Sharesies Trakt.TV Sharesight 

Decal
222 posts

Master Geek
+1 received by user: 26

ID Verified

  #1563642 1-Jun-2016 13:31
Send private message

davidcole:

 

Decal:

 

If you want to a break down of the applications and URLs. You can use PRTG which has a packet sniffer feature and gives you a visual break down of the traffic. The computer/VM running the PRTG sniffer will require 2 NICs, 1 to plug into the Mirrored port and the other for management.

 

 

Yeah I figured it would need two nics....so I guess the next question is more hyper-v (or you can relate to vmware if you want), if the host has 2 nics....both are connected to the switch, 1 to a normal port, and the other to the mirroring port.  Is the NIC connected to the mirroring port now useless for any traffic by what will be passed to the VM for monitoring?  Or does it just act like a normal port?

 

 

 

 

It will only be able to be used to monitor the traffic. From memory with Hyper v I think you can create a v switch that can include that physical port and then at the VMs second vNIC to that vswitch and it should receive all the traffic. You will probably need to enable promiscuous mode (Cant remember if Hyper-V has this/ if it does what its called).

Create new topic








Geekzone Live »

Try automatic live updates from Geekzone directly in your browser, without refreshing the page, with Geekzone Live now.


Updates »

Are you subscribed to our RSS feed? You can download the latest headlines and summaries from our stories directly to your computer or smartphone by using a feed reader.








RSS feeds
Main feed
Forums feed
Copyright
©2002-2026 Geekzone®
Site features
Geekzone BI dashboard
Geekzone Badges
Geekzone Status Page

 

Site Information
Subscribe to Geekzone
Privacy Statement
Forum Usage Guidelines (FUG)
Advertising
Trademark and copyright