Traffic mirroring, also called port mirroring or Switched Port Analyzer (SPAN), replicates network packets from one interface to another. This article covers traffic mirroring with pfSense.

I use VMware Workstation to build the network environment. The network topology is shown in the figure below:

Fig.1 Network topology
  • pfSense 2.4.x is installed on a VM, with three network adapters attached to it:
    1. WAN: 192.168.116.0/24
    2. LAN: 192.168.153.0/24
    3. OPT1: 192.168.33.0/24, receives a mirror of all network traffic from LAN

To mirror all network traffic from LAN to OPT1, open the pfSense Dashboard and, under Interfaces/Bridges:

  1. Configure LAN as one of the bridge members
  2. Configure OPT1 as the SPAN port
  3. Save the configuration

as shown in the figure below:

Fig.2 SPAN configuration

Now all LAN network traffic is mirrored to OPT1. Real-time traffic is shown in the figure below:

Fig.3 Port mirroring from LAN to OPT1

We can see LAN traffic on OPT1 interface.
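
To confirm the mirror from a saved capture rather than by eye, the following added example (not part of the original article) counts how many frames in a classic pcap file taken on the OPT1 side belong to the LAN subnet 192.168.153.0/24. The function names and the three sample frames are constructed for illustration; only untagged IPv4 over Ethernet is handled.

```python
import ipaddress
import struct

LAN = ipaddress.ip_network("192.168.153.0/24")  # LAN subnet from the topology above

def lan_frames(pcap, lan=LAN):
    """Return (lan_count, total) for frames in a classic (non-pcapng) pcap."""
    if pcap[:4] == b"\xd4\xc3\xb2\xa1":
        end = "<"                      # little-endian capture file
    elif pcap[:4] == b"\xa1\xb2\xc3\xd4":
        end = ">"                      # big-endian capture file
    else:
        raise ValueError("not a classic pcap file")
    if struct.unpack(end + "I", pcap[20:24])[0] != 1:
        raise ValueError("expected Ethernet link type (1)")
    off, hits, total = 24, 0, 0
    while off + 16 <= len(pcap):
        incl_len = struct.unpack(end + "I", pcap[off + 8:off + 12])[0]
        frame = pcap[off + 16:off + 16 + incl_len]
        off += 16 + incl_len
        total += 1
        if len(frame) < 34 or frame[12:14] != b"\x08\x00":
            continue                   # ARP, IPv6, VLAN-tagged or truncated frame
        src = ipaddress.ip_address(frame[26:30])
        dst = ipaddress.ip_address(frame[30:34])
        if src in lan or dst in lan:
            hits += 1
    return hits, total

def make_frame(src, dst):
    """Constructed Ethernet + bare IPv4 header, used only for the sample."""
    eth = b"\x02\x00\x00\x00\x00\x01" + b"\x02\x00\x00\x00\x00\x02" + b"\x08\x00"
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20, 0, 0, 64, 6, 0,
                     ipaddress.ip_address(src).packed, ipaddress.ip_address(dst).packed)
    return eth + ip

def make_pcap(frames):
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for f in frames:
        out += struct.pack("<IIII", 0, 0, len(f), len(f)) + f
    return out

SAMPLE = make_pcap([                   # constructed sample capture
    make_frame("192.168.153.10", "192.168.116.2"),  # LAN host outbound
    make_frame("192.168.116.2", "192.168.153.10"),  # reply to the LAN host
    make_frame("192.168.33.5", "192.168.33.1"),     # unrelated, not LAN traffic
])
if __name__ == "__main__":
    print(lan_frames(SAMPLE))
```

A LAN count of zero on a real capture means the SPAN port is not receiving mirrored traffic, so the bridge member and SPAN port settings are the first thing to recheck.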