Ethernet
Info
This guide is still a work in progress and currently focuses on the most critical aspects of Ethernet monitoring with nzyme.
Nzyme can collect and monitor Ethernet data from any local interface. You can configure multiple interfaces for
monitoring by adding a section to your nzyme-tap configuration file. For example, to monitor the interface eth0,
add the following:
[ethernet_interfaces.eth0]
active = true
networks = [
{ cidr = "192.168.0.0/24", dns_servers = [ "192.168.0.1:53" ], injection_interface = "eth1" }
]
The networks configuration is optional and can be left as an empty array [].
Configuring Networks
Each interface can optionally be configured with networks, providing nzyme with more information about the traffic
you expect to flow through the interface. This helps nzyme to make sense of the data and enables additional
functionality, including:
A networks configuration looks like this:
networks = [
{ cidr = "192.168.0.0/24", dns_servers = [ "192.168.0.1:53" ], injection_interface = "eth1" }
]
| Variable | Optional | Description |
|---|---|---|
cidr |
Required | The CIDR of the network (Required configuration) |
dns_servers |
Optional | A list of internal DNS servers reachable from this network. They should be able to answer PTR (reverse DNS) queries for hosts in this network. |
injection_interface |
Optional | Name of a network interface that is able to reach hosts on this network. Used for injecting data. Note that hardware taps do usually not allow to inject traffic. |
All changes to the configuration file require a restart of nzyme-tap to take effect.
After Configuration
Once configured, Nzyme will automatically collect and analyze all relevant data passing through that interface. For more detailed information on the analysis performed by nzyme, please refer to the specific protocol documentation pages.
Typically, taps are connected to the mirror port of a switch or gateway. For more details, visit the positioning taps page.