02-27-2020 ACM Webcast: Sniffing Traffic in Amazon EC2 with Traffic Mirroring

Active Countermeasures Webcast


Sniffing Traffic in Amazon EC2 with Traffic Mirroring

Amazon EC2 is a great solution for quickly spinning up virtual machines. The only downside is that we lose our ability to leverage network based security tools that rely on decoding the packet stream, like traffic monitors and intrusion detection systems. Luckily, that no longer needs to be a thing.

In this webcast we will walk you through how to leverage Amazon’s VPC traffic mirroring and the VXLAN protocol to create a VM capable of monitoring the traffic to and from other VMs. The goal will be a monitoring system that is running Zeek, RITA and Suricata, so we have the ability to detect all sorts of nastiness.

We will even walk through how to test the system so that we are sure everything is working properly.

Check out our open source tool RITA prior to the webcast.

Download Slides: Presentations > >ACM_Webcasts >> SniffingTrafficinAmazonEC2withTrafficMirroring_02272020

Presented by: Chris Brenton & Bill Stearns


  • 00:00 –Intro
  • 04:18 –Traffic Mirroring
  • 07:55 –What is VXLAN
  • 16:20 –Configuration Overview
  • 26:27 –Configuration Walkthrough
  • 48:43 –Test Yourself Before You Wreck Yourself
AC-Hunter Datasheet
AC-Hunter Personal Demo
What We’re up To