Skip to main content

Gigamon GTP-ASF01 SOP

Prerequisites​

  • 1 Gigamon GTP-ASF01 TAP
  • 1 Gigamon GTP-ASF01 power supply
  • 4 SFPs (ex. 4x 1GB Dell Copper SFPs)
  • 4 network cables
  • 1 MIP [/w power supply]
  • 1 USB NIC
  • 1 USB serial cable

Pre-Execution Checks​

  1. Make sure to test functionality of TAP with specific SFPs before you implement on Mission Partner system
    1. Ex. Set up successful ping between two devices and then implement your TAP solution to verify you are still getting a successful ping
      1. Verify you can capture the traffic from the two analysis ports using the steps listed in the Steps section
  2. If you need to configure or verify configuration use USB to serial dongle
    1. Serial port is the top left port when facing the device
    2. 115200 bps everything else default
    3. Default vendor password is root123

Steps​

Setup MIP​

  1. identify the interfaces you're going to use using ip link OR the setup script
    1. use ip link to identify interfaces
    2. use the 262COS RHEL Setup Script found on the desktop
      1. choose [3] Configure RHEL networking
      2. take note of the interfaces listed at the top
      3. plugin the USB NIC
      4. choose [R] refresh displayed status
      5. take note of the interfaces listed at the top
  2. Set both MIP NICs IPv4 and IPv6 settings to disable
  3. If you're using external storage, mount and get that drive's path (lsblk)

Setup Tap​

  1. Identify where you want to listen to on the Mission Partner Network(MPN). MPN
  2. Disconnect the connection you want to TAP and reroute traffic through the device as shown below
  3. Analyst MIP will connect to both monitor Ports using USB NIC and onboard NIC Setup

Start packet capture​

# for permission reasons work out of a dir where ther owning user and group are both root
sudo mkdir ./someWorkingDir
sudo cd ./someWorkingDir
# start the capture and write to files this will write up to 50 x 1GB files
sudo tshark -i <interface1 name> -i <interface2 name> -w filename.pcap -b filesize:1024000 -b files:50
# chown the files to assessor:assessor so we don't have permission issues
sudo chown assessor:assessor ./someWorkingDir/*.pcap

Troubleshooting​

  1. tshark: the file to which the capture would be saved (/your/path) could not be opened: Permission denied.
    • write your files to somewhere in /tmp or external drive to avoid this permission issue