Metlo supports capturing API traffic using
GCP Traffic Mirroring. This
allows you to mirror traffic from a subnet, instance or tag.
1. Create a Service Account
Metlo mirroring on GCP requires a service account with the following
permissions:
- Compute Admin
- Compute packet mirroring admin
- Compute packet mirroring user
- IAP-secured Tunnel User
You can install metlo from npm by running the following:
3. Set up Traffic Mirroring
To set up traffic mirroring run the following:
$ metlo traffic-mirror gcp new
✔ GCP Project Name · metlo-security
✔ GCP Network to mirror · default
✔ Select your GCP zone · us-central1-a
✔ Path to GCP key file · <PATH TO GCP KEY FILE>
✔ Validated account details
Validated account details succesfully
✔ Select your mirror source type · SUBNET
✔ Enter the mirror source subnet name · default
✔ Verified mirror source details
✔ Created destination subnet
✔ Created Firewall rule
✔ Obtained router details
✔ Mirror Instance Type · e2-standard-2
✔ Metlo URL · http://<YOUR_METLO_HOST>:8081
✔ Metlo API Key · <YOUR_METLO_API_KEY>
✔ Created MIG for metlo
✔ Created health check
✔ Creating Backend service for packet mirroring
✔ Created load balancer
✔ Started packet mirroring
Traffic Mirror additional items
Simply run metlo traffic-mirror gcp new.
Bash
$ metlo traffic-mirror gcp new
✔ GCP Project Name · metlo-security
✔ GCP Network to mirror · default
? Select your GCP zone …
✔ Select your GCP zone · us-central1-a
✔ Path to GCP key file · <PATH TO GCP KEY FILE>
✔ Validated account details
✔ Select Packet Mirroring instance · metlo-packet-mirroring-ABCD1234
✔ Select your mirror source type · TAG
✔ Enter the mirror source tag name · https-server
✔ Updated packet mirroring
✨ Done in 46.69s.
List Mirrored items
Currently mirrored items can be retrieved by metlo traffic-mirror gcp list
$ metlo traffic-mirror gcp list
✔ GCP Project Name · metlo-security
✔ GCP Network to mirror · default
? Select your GCP zone …
✔ Select your GCP zone · us-central1-a
✔ Path to GCP key file · <PATH TO GCP KEY FILE>
✔ Validated account details
✨ Done in 15.70s.
Metlo Mirroring Sessions
Removed mirrored item
Mirrored items can be removed by metlo traffic-mirror gcp remove
$ metlo traffic-mirror gcp remove
✔ GCP Project Name · metlo-security
✔ GCP Network to mirror · default
? Select your GCP zone …
✔ Select your GCP zone · us-central1-a
✔ Path to GCP key file · <PATH TO GCP KEY FILE>
✔ Validated account details
✔ Select Packet Mirroring instance · metlo-packet-mirroring-ABCD1234
✔ Select your mirror source type · INSTANCE
✔ Enter the mirror source instance name to remove · <INSTANCE NAME>
✔ Deleted resource from packet mirroring succesfully
✨ Done in 60.01s.
