
https://www.gigamon.com/products/optimize-traffic/traffic-intelligence/gigasmart/source-port-labeling.html

Identify each packet's entry point

The Source Port Labeling feature of the GigaSMART® engine provides context to packets and allows tools to properly assess network behavior and threats based on where they are happening in the network. When a packet arrives at the Gigamon® Visibility Platform, it could have come from one of dozens or hundreds of network access points.

Before forwarding the packet to a monitoring or security tool, Source Port Labeling adds a trailer to the packet that identifies the port on which the packet arrived. The tool can query the Gigamon Visibility Platform using the REST API and look up the Cisco Discovery Protocol (CDP) or Link Layer Discovery Protocol (LLDP) information associated with the packet’s source port to know exactly where in the network problems or threats reside.

Benefits of the Source Port Labeling feature

  • Accurately analyze traffic aggregated from multiple collection points.
  • Correlate traffic with CDP/LLDP information on the network.
  • Identify incorrect cabling of taps and SPAN ports and verify accuracy of flow maps.

How To: Packet capture on Gigamon interface
2020. 4. 25 • How to

Feature: Flow Mapping
Title: How To: Packet capture on Gigamon interface
Objective: Perform packet capture on a Gigamon interface for troubleshooting.
Environment: HC-Series

Procedure
Please note: This feature is currently available for software version 5.4 and above.

Step 1. Identify one unused port on the chassis and enable it. This unused port is used to capture and copy the traffic (the port type can be any). A channel port is only required if you want to capture in the Tx direction (Tx or both); it is not required to capture only Rx traffic.
Rx = IfInPackets on a port.
Tx = IfOutPackets on a port.
    port 1/3/x9 params admin enable
    port 1/3/x9 alias unused-channel-port

Step 2. Add a capture filter to start the packet capture.
#Example1
    pcap alias nw-side
    port 1/4/g16 both (Interface on which you want to capture the packets)
    channel-port 1/3/x9 (Unused port to copy the traffic)
    packet-limit 20000
    filter ipsrc 10.10.10.10 /32
    exit

#To create another filter, please create another pcap profile.
#Example2
    pcap alias IT-side
    port 1/3/x11 rx
    channel-port 1/3/x10
    packet-limit 20000
    filter ipdst 30.30.30.30 /32
    exit

#Example3
    pcap alias SSL
    port 1/3/x11 tx
    channel-port 1/3/x10
    packet-limit 20000
    filter ipdst 30.30.30.30 /32
    exit

#Verification
    show pcap alias nw-side
    show pcap
    show file pcap

Step 3. Reproduce the problem.
Initiate a session between the client and server, to ensure that specific packets can be captured.

Step 4. Stop the packet capture.
    no pcap alias issl1
or
    clear pcap all
or
    no pcap all

Step 5. Verify that the packet capture file has been created.
    show file pcap

Step 6. Upload to your local machine or scp/tftp server.
    file pcap upload <filename> scp://user:pass@10.10.10.10/dir/folder/<filename>
    file pcap delete-all
    file pcap delete <filename>

Step 7. Analyze the pcap file.

Additional Notes
Filtering can be defined based on 6 conditions:
  • IP source
  • IP destination
  • Port source
  • Port destination
  • Protocol
  • TCP control

https://www.gigamon.com/products/optimize-traffic/traffic-intelligence/gigasmart/adaptive-packet-filtering.html

 


Filter matching packet content

The Adaptive Packet Filtering feature is a licensable addition to the GigaSMART® engine that can identify patterns across any part of the network packet, including the packet payload. Adaptive Packet Filtering can use this awareness to filter based on packet contents beyond Layer 2, 3, and 4 headers, including URLs, patterns in BitTorrent packets, basic application identification, and specific encapsulation protocols. Operators can define custom signatures through regular expressions to match their specific applications. The signatures can also identify sensitive data and obscure it before forwarding to tools.

Adaptive Packet Filtering can identify and forward packets based on multiple complex headers and encapsulations, including MPLS, VXLAN, MAC-in-MAC, IP-in-IP (IPv4 and/or IPv6) and others.

Benefits of the Adaptive Packet Filtering feature:

  • Identifies and filters packets which use dynamic IP addresses and non-standard ports.
  • Filters web-based applications that share the same L2-L4 header information. 
  • Removes bandwidth-hogging traffic, such as streaming services, that doesn’t require monitoring and storage.
  • Obscures sensitive data such as credit card and identification numbers wherever they may occur within the packet before sending the packet to monitoring and storage tools.
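
An added sketch of signature-based masking of the kind described above, not Gigamon code: the regular expression, the Luhn check used to reduce false positives, and the keep-last-four policy are assumptions chosen for illustration. Digits are overwritten in place so the payload length, and with it the packet's length fields, stays unchanged.

```python
import re

# Assumed signature: 13 to 19 digits, optionally separated by single spaces or hyphens.
CARD_RE = re.compile(rb"(?<!\d)\d(?:[ -]?\d){12,18}(?!\d)")

def luhn_ok(digits):
    """Luhn checksum over ASCII digit bytes; filters out most non-card numbers."""
    total = 0
    for i, byte in enumerate(reversed(digits)):
        n = byte - 0x30
        if i % 2 == 1:                 # double every second digit from the right
            n = n * 2 - 9 if n > 4 else n * 2
        total += n
    return total % 10 == 0

def mask_payload(payload, keep_last=4, fill=b"X"):
    """Return (masked_payload, hits); length and separators are preserved."""
    out = bytearray(payload)
    hits = 0
    for m in CARD_RE.finditer(payload):
        digit_pos = [i for i in range(m.start(), m.end())
                     if 0x30 <= payload[i] <= 0x39]
        if not luhn_ok(bytes(payload[i] for i in digit_pos)):
            continue                   # digit run that is not a valid card number
        for i in digit_pos[:len(digit_pos) - keep_last]:
            out[i] = fill[0]
        hits += 1
    return bytes(out), hits

# Constructed sample payload: one test card number and one 16-digit order id.
SAMPLE = (b"POST /pay HTTP/1.1\r\nHost: shop.example\r\n\r\n"
          b"card=4111-1111-1111-1111&order=1234567890123456")
```

Calling mask_payload(SAMPLE) masks the card field and leaves the order id alone, because the order id fails the Luhn check.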

 


https://www.gigamon.com/products/optimize-traffic/traffic-intelligence/gigasmart/packet-slicing.html

 


Eliminate unneeded packet data

The Packet Slicing feature of the GigaSMART® engine truncates packets while preserving the portion of the packet (the protocol headers) required for network analysis. Packet Slicing can parse variable header packets, starting slicing after a named header (IP, TCP, etc.) with or without VLAN and other tags. Thus, there's no need to rely on a fixed offset to slice packets.

Packet Slicing removes payload that may be irrelevant to network monitoring and security analysis. This reduces the throughput and disk space that tools require while improving performance and data retention. It also removes sensitive data before it is stored, which makes regulatory and privacy compliance easier.

Benefits of the Packet Slicing feature

  • Removes sensitive information from each packet, thus helping address compliance and confidentiality requirements.
  • Improves tool performance by eliminating unnecessary transmission of unneeded packet payload.
  • Increases storage capacity by giving tools more room to store the important portions of each packet.
  • Increases data retention time on forensic or network recorders.
  • Reduces needed disk space for backup traffic by up to 95%.
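
Header-relative slicing as described above, sketched in Python as an added example (not Gigamon code or code from the original page). The function names, the constructed sample frame, counting the offset from the end of the named header, and forwarding non-matching frames unsliced are all assumptions. The code walks any VLAN tags and the IPv4 header length to find the end of the named header, so the same offset keeps the same payload bytes whether or not the frame is tagged.

```python
import struct

VLAN_TPIDS = {0x8100, 0x88A8}        # 802.1Q and 802.1ad (QinQ) tag types
IP_PROTO = {"tcp": 6, "udp": 17}

def header_end(frame, protocol):
    """Index just past the named header ('ipv4', 'udp' or 'tcp'), else None."""
    pos = 12                                   # EtherType follows the two MACs
    while True:
        if len(frame) < pos + 2:
            return None
        (ethertype,) = struct.unpack_from("!H", frame, pos)
        if ethertype not in VLAN_TPIDS:
            break
        pos += 4                               # skip one VLAN tag, read next type
    ip = pos + 2
    if ethertype != 0x0800 or len(frame) < ip + 20:
        return None                            # this sketch handles IPv4 only
    ihl = frame[ip] & 0x0F                     # header length in 32-bit words
    l4 = ip + ihl * 4                          # covers IPv4 options
    if ihl < 5 or len(frame) < l4:
        return None
    if protocol == "ipv4":
        return l4
    frag_offset = struct.unpack_from("!H", frame, ip + 6)[0] & 0x1FFF
    if frame[ip + 9] != IP_PROTO.get(protocol) or frag_offset:
        return None                            # wrong protocol or non-first fragment
    if protocol == "udp":
        end = l4 + 8
    else:                                      # TCP data offset covers options
        doff = frame[l4 + 12] >> 4 if len(frame) > l4 + 12 else 0
        if doff < 5:
            return None
        end = l4 + doff * 4
    return end if len(frame) >= end else None

def slice_frame(frame, protocol, offset):
    """Keep the frame up to `offset` bytes past the named header."""
    end = header_end(frame, protocol)
    # Assumption: frames without the named header are forwarded unsliced.
    return frame if end is None else frame[:end + offset]

def sample_udp_frame(payload, vlan_id=None):
    """Constructed Ethernet/IPv4/UDP frame to port 161; checksums left zero."""
    tag = b"" if vlan_id is None else struct.pack("!HH", 0x8100, vlan_id)
    udp = struct.pack("!HHHH", 40000, 161, 8 + len(payload), 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 0, 0, 64, 17, 0,
                     bytes([10, 10, 10, 10]), bytes([30, 30, 30, 30]))
    return bytes(12) + tag + b"\x08\x00" + ip + udp
```

Slicing an untagged and a VLAN-tagged copy of the same datagram with slice_frame(frame, "udp", 7) keeps the same first seven payload bytes in both, whereas a fixed cut at byte 49 would keep only three payload bytes of the tagged frame.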

 

 

Packet Slicing: one of many GigaSMART features

GigaSMART® offers a number of other essential traffic intelligence services required for active visibility into infrastructure blind spots, including:

 


GigaSMART Packet Slicing

# port 1/1/x1 type network
# port 1/1/x5 type tool
# gsgroup alias GS51 port-list 1/5/e1
# gsop alias sliceUDP_7 slicing protocol udp offset 7 port-list GS51
# map alias slice_SNMP_example
    # use gsop sliceUDP_7
    # rule add pass portsrc 161 bidir
    # from 1/1/x1
    # to 1/1/x5
    # exit
# write memory

 

BlueCoat Packet Capture
 
admin> capture reset
admin> capture filter ip 192.168.234.81
admin> capture filter ?
[src-ip] = <arg> : Only capture packets on flow with specified source IPv4 address
[dst-ip] = <arg> : Only capture packets on flow with specified destination IPv4 address
[ip] = <arg> : Only capture packets on flow with specified IPv4 address
admin> cap
capture reset
capture stop
capture start
capture status
capture select
capture filter
capture filter6
admin> capture select 5
admin> capture start
Capture started
admin> capture stop
Waiting while capture files are being processed (0 secs elapsed)
Capture file available via scp
Linux/Mac: scp <user>@<appliance>:pcap_20170811101023_20170811101053.tar.gz pcap_20170811101023_20170811101053.tar.gz

 

Windows: pscp.exe -scp <user>@<appliance>:pcap_20170811101023_20170811101053.tar.gz pcap_20170811101023_20170811101053.tar.gz

 

 
