
Copy network traffic for inspection without affecting original traffic

What is It?

Copy network traffic and send it to security appliances for inspection.

Key Point: Original traffic is NOT affected - only a copy is sent.

Think of it as: A CCTV camera - doesn't stop traffic, just watches it.

How It Works

Flow:

  1. EC2 Source (ENI) - Traffic originates here
  2. Traffic is copied (original continues normally)
  3. Optional filter applied
  4. Copy sent to Target (NLB or ENI)
  5. Security Appliances analyze the copy
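The five steps above map onto four resources. The CloudFormation template below is an added example, not part of the original notes; the parameter names, the HTTPS-only filter rule and the CIDR ranges are assumptions chosen for illustration.

```yaml
# Added example: one mirror session from a source ENI to an appliance ENI.
# Parameter names, rule numbers, ports and CIDRs are illustrative assumptions.
AWSTemplateFormatVersion: "2010-09-09"
Parameters:
  SourceEniId:        # step 1: ENI of the EC2 instance whose traffic is copied
    Type: String
  ApplianceEniId:     # step 4: ENI of the security appliance receiving the copy
    Type: String
Resources:
  MirrorTarget:       # step 4: where the copy is sent
    Type: AWS::EC2::TrafficMirrorTarget
    Properties:
      NetworkInterfaceId: !Ref ApplianceEniId
      # For a fleet of appliances behind an NLB, set NetworkLoadBalancerArn instead.
  MirrorFilter:       # step 3: container for the rules that select what is copied
    Type: AWS::EC2::TrafficMirrorFilter
    Properties:
      Description: Copy only inbound HTTPS
  InboundHttpsRule:
    Type: AWS::EC2::TrafficMirrorFilterRule
    Properties:
      TrafficMirrorFilterId: !Ref MirrorFilter
      TrafficDirection: ingress
      RuleNumber: 100
      RuleAction: accept
      Protocol: 6                     # TCP
      SourceCidrBlock: 0.0.0.0/0
      DestinationCidrBlock: 0.0.0.0/0
      DestinationPortRange:
        FromPort: 443
        ToPort: 443
  MirrorSession:      # step 2: binds source, filter and target; original traffic is untouched
    Type: AWS::EC2::TrafficMirrorSession
    Properties:
      NetworkInterfaceId: !Ref SourceEniId
      TrafficMirrorTargetId: !Ref MirrorTarget
      TrafficMirrorFilterId: !Ref MirrorFilter
      SessionNumber: 1                # priority when one ENI has several sessions
# Step 5: the copy arrives VXLAN-encapsulated on UDP 4789, so the appliance's
# security group must allow that port from the source.
```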

Source & Target

Source

What: The ENIs whose traffic you want to capture

Target

Where: The destination the copy of traffic is sent to

Options:

Location: Same VPC or different VPC (via VPC Peering)


Key Points