Metlo supports capturing API traffic using GCP Traffic Mirroring. This allows you to mirror traffic from a subnet, instance or tag.

1. Create a Service Account

Metlo mirroring on GCP requires a service account with the following permissions:

  • Compute Admin
  • Compute packet mirroring admin
  • Compute packet mirroring user
  • IAP-secured Tunnel User

2. Install Metlo’s CLI Tool

You can install metlo from npm by running the following:

Bash
npm i -g @metlo/cli

3. Set up Traffic Mirroring

To set up traffic mirroring run the following:

Bash
$ metlo traffic-mirror gcp new
 GCP Project Name · metlo-security
 GCP Network to mirror · default
 Select your GCP zone · us-central1-a
 Path to GCP key file · <PATH TO GCP KEY FILE>
 Validated account details
Validated account details succesfully
 Select your mirror source type · SUBNET
 Enter the mirror source subnet name · default
 Verified mirror source details
 Created destination subnet
 Created Firewall rule
 Obtained router details
 Mirror Instance Type · e2-standard-2
 Metlo URL · http://<YOUR_METLO_HOST>:8081
 Metlo API Key · <YOUR_METLO_API_KEY>
 Created MIG for metlo
 Created health check
 Creating Backend service for packet mirroring
 Created load balancer
 Started packet mirroring

Traffic Mirror additional items

Simply run metlo traffic-mirror gcp new.

Bash

Bash
$ metlo traffic-mirror gcp new
 GCP Project Name · metlo-security
 GCP Network to mirror · default
? Select your GCP zone …
 Select your GCP zone · us-central1-a
 Path to GCP key file · <PATH TO GCP KEY FILE>
 Validated account details
 Select Packet Mirroring instance · metlo-packet-mirroring-ABCD1234
 Select your mirror source type · TAG
 Enter the mirror source tag name · https-server
 Updated packet mirroring
  Done in 46.69s.

List Mirrored items

Currently mirrored items can be retrieved by metlo traffic-mirror gcp list

Bash
$ metlo traffic-mirror gcp list
 GCP Project Name · metlo-security
 GCP Network to mirror · default
? Select your GCP zone …
 Select your GCP zone · us-central1-a
 Path to GCP key file · <PATH TO GCP KEY FILE>
 Validated account details
  Done in 15.70s.
 Metlo Mirroring Sessions

Removed mirrored item

Mirrored items can be removed by metlo traffic-mirror gcp remove

Bash
$ metlo traffic-mirror gcp remove
 GCP Project Name · metlo-security
 GCP Network to mirror · default
? Select your GCP zone …
 Select your GCP zone · us-central1-a
 Path to GCP key file · <PATH TO GCP KEY FILE>
 Validated account details
 Select Packet Mirroring instance · metlo-packet-mirroring-ABCD1234
 Select your mirror source type · INSTANCE
 Enter the mirror source instance name to remove · <INSTANCE NAME>
 Deleted resource from packet mirroring succesfully
  Done in 60.01s.