Configure Network Interfaces
NetMon appliances can be configured to work with two or more Ethernet/Fiber interfaces. The AddEth.pl script is used to generate the initial configuration files for the interfaces you are planning to use. This step is required on all new installations and can be re-run on existing installations when a new Network Card is added or you wish to change the NIC configuration.
NetMon Interface Roles
Management (mandatory) - This is used for accessing the NetMon Web UI, sending syslog traffic, retrieving PCAP data, etc. All user interaction with NetMon happens through this IP, and this IP can be DHCP or Static.
Recovery (optional if interface count is <4, required if >4) - This is used to access NetMon via a fixed local static IP (172.16.0.10/24) should the management interface become unavailable.
Capture/Bond - These interfaces are used for receiving traffic for inspection to NetMon. If multiple capture interfaces are used, NetMon will create a bond and all capture interfaces will be bond-child interfaces. This does not require any bonding configuration on your switch. NetMon supports up to eight capture interfaces. These interfaces are not IPv4 enabled.
Whenever a new interface is added, the AddEth.pl script can be used to create the necessary network configuration files for NetMon. The AddEth.pl script updates the configuration files for the interfaces and also updates the NetMon configuration files to use the new interfaces.
If you experience issues following Network/NIC assignments, remove all files under /etc/sysconfig/network-scripts, restart NetworkManager using the following command and re-run AddEth.pl to generate fresh config files.
systemctl restart NetworkManager
Interface names will vary depending on the type of system on which you have installed NetMon - these may be eth#, eno#, or other formats. Use the following command to view the list of interfaces on your system tied to their appropriate hardware:
sudo lshw -c Network -short
AddEth
Location: /usr/local/probe/scripts/AddEth.pl
After running AddEth.pl, you must restart NetworkManager for the configuration changes to apply.
Options:
-h, --help Display program help
-i, --ip [ip address] Static IP address for Management Interface
-s, --subnetmask [netmask] Netmak for Management Interface
-g, --gateway [ip address] Gateway IP address
-a, --altrip Use alternative IP address (172.16.0.10)
for Recovery Interface Default recovery IP
address is 192.168.0.10.
NOTE: Alternative IP address will revert to
192.168.0.10 if management interface is not
on a 192.168.x.x network.
-m, --management [interface] NetMon management interface
-r, --recovery [interface] NetMon recovery interface. The IP address
will be either 192.168.0.10 or 172.16.0.10.
-b, --bonded [interface]... Specify one or more Ethernet interfaces
(comma separated) to use in a bonded
interface for packet capture and analysis
by NetMon (i.e. TAP interfaces).
-c, --capture [interface] Which Ethernet interface to use for packet
capture and analysis (i.e., a single TAP
interface).
AddEth.pl accepts --bonded or --capture,
but not both.
Examples
Two Interfaces using DHCP (one Management, one Capture)
sudo /usr/local/probe/scripts/AddEth.pl -m <management interface> -c <capture interface>
systemctl restart NetworkManager
Two Interfaces using Static IP (one Management, one Capture)
sudo /usr/local/probe/scripts/AddEth.pl -m <management interface> -c <capture interface> -i <static IP> -s <netmask> -g <gateway>
systemctl restart NetworkManager
Four Interfaces using DHCP (one Management, one Recovery, two Capture)
sudo /usr/local/probe/scripts/AddEth.pl -m <management interface> -r <recovery interface> -b <bonded interface>,<bonded interface2>
systemctl restart NetworkManager
The comma-separated list of bonded interfaces is where you can add multiple interfaces used for packet capture. Up to eight interfaces can be used for packet capturing on a single NetMon appliance.
Six Interfaces using Static IP (one Management, one Recovery, four Capture)
sudo /usr/local/probe/scripts/AddEth.pl -m <management interface> -r <recovery interface> -b <bonded interface>,<bonded interface2>,<bonded interface3>,<bonded interface4> -i <static IP> -s <netmask> -g <gateway>
systemctl restart NetworkManager