Recent Searches

No recent searches

    Popular Articles

      Articles
      View all
        Topics
        View all
          Tickets
          View all
            no results

            Sorry! nothing found for

            Deploying Network Sensor on Hyper-V

            Created by Raeez Abdulla, Modified on Thu, 14 Dec, 2023 at 2:49 PM by Raeez Abdulla


            Setting up a network sensor in Hyper-V involves creating a virtual machine (VM) that will act as the sensor to monitor network traffic.


            This article describes about the process of configuring Hyper-V to facilitate the deployment of a network sensor.


            Architecture


            To set up the configuration, two ports are required, both linked to the core switch. One port is designated for the sensor's management connection, while the other serves as the output for the SPAN session from the core switch, connecting to a physical NIC on the Hyper-V server.



            To configuration of Hyper-V for the monitoring the traffic is a two step process, 



            1. Create a virtual switch on Hyper-V.
              • Configure the connection type as an external network.
              • Select the port connected to the SPAN session from the Core switch.
            2. Create a virtual machine on the host with 2 virtual network cards.
              • One card designated for management.
              • The other card allocated for the monitoring port.
              • Connect the monitoring port of the virtual Linux machine to the VSwitch created in step 1.


            To create the Virtual Switch for monitoring, 

            1. Open to Hyper-V Manager and Open Virtual Switch Manager


            2. Click on New virtual virtual network switch and give it a name (SPAN in this screenshot), Select the Connection type as External Network and select the network  port  where the span port from Core Switch is connected.

            3. Next, go to Extensions and Enable Microsoft NDIS Capture
            4. Next Create a virtual machine and two network adaptors.
              • One commented to the  Management network.
              • Second adaptor connected to SPAN virtual switch.


            5. Click on the adaptor connected to the SPAN virtual switch, go to advanced Features,  in Port mirroring section select Mirroring mode as Destination.

            6. Run Below Command from Powershell,
              • $enableSPAN = Get-VMSystemSwitchExtensionPortFeature -FeatureName "Ethernet Switch Port Security Settings"
$enableSPAN.SettingData.MonitorMode = 2
Add-VMSwitchExtensionPortFeature -ExternalPort -SwitchName SPAN -VMSwitchExtensionFeature $enableSPAN

            That completes the setup required in Hyper-V





            Was this article helpful?

            That’s Great!

            Thank you for your feedback

            Sorry! We couldn't be helpful

            Thank you for your feedback

            Let us know how can we improve this article!

            Select at least one of the reasons
            CAPTCHA verification is required.

            Feedback sent

            We appreciate your effort and will try to fix the article

            Preview
            0 of 0