AWS Security Traffic Monitoring and Packet Analysis

Languages Available: Español (Latinoamérica) | 日本語 | 한국어 | Português (Brasil) | 中文（简体)

Security engineers can use Amazon VPC Traffic Mirroring to send a complete copy of traffic to a target of their choice. This is a very important capability to allow for in-depth traffic monitoring, analysis, and threat detection. In this lab, you learn how to use VPC Traffic Mirroring to capture the traffic of your interest for monitoring purposes.

Level

Fundamental

Duration

1 Hours 0 Minutes

Course Objectives

In this course, you will learn how to:

• Identify the elastic network interfaces (ENI) to be used for Traffic Mirroring.
• Configure a traffic mirror target.
• Configure a traffic mirror filter to select traffic of interest.
• Create a traffic mirror session.
• Verify that selected traffic is being sent to the mirror target.
• Modify the traffic mirror filter to capture different traffic.
• Send the captured packets to a file for detailed analysis.

Intended Audience

This course is intended for:

• Security Engineers
• Architects

Prerequisites

We recommend that attendees of this course have the following prerequisites:

• AWS services as defined in the AWS Cloud Practitioner Essentials course.
• Networking concepts such as IP Addressing and CIDR notation.
• Navigating through the AWS Management Console.
• Running commands in a Linux command line interface (CLI).

Course Outline

• Task 1: Identify the network interfaces to be used for Traffic Mirroring
• Task 2: Configure a traffic mirror target
• Task 3: Configure a traffic mirror filter
• Task 4: Configure a traffic mirror session
• Task 5: Capture and verify mirrored traffic at the target host
• Task 6: Modify the traffic mirror filter to capture different traffic
• Task 7: Send the captured traffic to a file