Sunday, February 17, 2019

Lightweight yet high volume open source traffic analysis?

Any recommendation for a lightweight tool or open source script that I could drop onto a SPAN port and that can simply give me a report of all captured TCP/UDP port traffic flows, source and destination? I need to create specific ACL rules to lock down the traffic.

Backstory: I work at a large company where our network sniffers are owned by a separate team and those sniffers are only configured to monitor traffic leaving our network towards the internet.

What: I've been given the task of starting to lock down some VLANs that currently have no traffic restrictions. The problem is that this VLAN has over 20 different teams throwing their devices in it, and in my last project with just 1 team (telecom/VoIP team) they did not have their shit together or understand their traffic patterns, so we spent several months writing ACLs, implementing them, breaking things, rolling back and trying again.

I'm trying to avoid the same scenario where other teams don't know which TCP/UDP ports they need and where their devices are talking to. The challenge is that the other team in my large organization will not reconfigure their network sniffers to capture internal traffic, so my option seems to be to roll my own solution that just plugs into a SPAN port to listen to traffic and generate a report.

It would need to be open source/free. All that I am looking for is source <-> destination, protocol and port numbers... is there any such script or solution for this? Traffic is between 400 Mbps and 3 Gbps at peak.
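As an added illustration (not part of the original post, and not any particular tool's code), here is the core of the report being asked for: collapsing decoded packets into bidirectional client/server flows keyed by protocol and service port, which is the shape an ACL rule needs. It assumes some capture library has already decoded each packet into a (src_ip, dst_ip, proto, src_port, dst_port, bytes) tuple; the sample packets are constructed, not captured.

```python
from collections import defaultdict
from typing import Dict, Iterable, Tuple

# One decoded packet: (src_ip, dst_ip, proto, src_port, dst_port, bytes).
Packet = Tuple[str, str, str, int, int, int]
FlowKey = Tuple[str, str, str, int]  # (client, server, proto, service_port)

# Constructed sample packets standing in for what a capture library would
# hand back from the SPAN port (not real captured data).
SAMPLE_PACKETS = [
    ("10.1.0.5", "10.2.0.10", "tcp", 51234, 443, 1500),
    ("10.2.0.10", "10.1.0.5", "tcp", 443, 51234, 4000),
    ("10.1.0.5", "10.2.0.10", "tcp", 51235, 443, 800),
    ("10.1.0.7", "10.2.0.20", "udp", 40000, 5060, 300),
    ("10.2.0.20", "10.1.0.7", "udp", 5060, 40000, 300),
    ("10.1.0.9", "10.2.0.30", "udp", 5353, 5353, 120),
]


def flow_key(pkt: Packet) -> FlowKey:
    """Map a packet onto a bidirectional client->server flow.

    Heuristic: the lower port is taken as the service port (well-known and
    registered ports are low, ephemeral client ports are high), so both
    directions of one conversation land on the same key. Equal ports are
    ordered by address so the key is still direction-independent.
    """
    src, dst, proto, sport, dport, _ = pkt
    if sport < dport or (sport == dport and src > dst):
        return (dst, src, proto, sport)  # src was the server side; flip it
    return (src, dst, proto, dport)


def summarize(packets: Iterable[Packet]) -> Dict[FlowKey, Tuple[int, int]]:
    """Return {(client, server, proto, service_port): (packets, bytes)}."""
    table = defaultdict(lambda: [0, 0])
    for pkt in packets:
        entry = table[flow_key(pkt)]
        entry[0] += 1
        entry[1] += pkt[5]
    return {k: (v[0], v[1]) for k, v in table.items()}


def report(packets: Iterable[Packet]) -> str:
    """Render the flow table as text, busiest flows (by bytes) first."""
    rows = sorted(summarize(packets).items(), key=lambda kv: -kv[1][1])
    lines = ["client -> server proto port packets bytes"]
    for (client, server, proto, port), (n_pkts, n_bytes) in rows:
        lines.append(f"{client} -> {server} {proto} {port} {n_pkts} {n_bytes}")
    return "\n".join(lines)


if __name__ == "__main__":
    print(report(SAMPLE_PACKETS))
```

At the stated 400 Mbps to 3 Gbps a per-packet Python loop will not keep up; the same aggregation is better fed with flow records exported by the switch (NetFlow/IPFIX) or by a flow collector rather than raw packets.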


