I am building packet mirroring using the Linux iptables TEE module. In the case of instances (EC2), we confirmed that promiscuous mode can be set in the AWS console configuration. Then, I wonder if it's possible to use promiscuous mode on an ELB (ALB, NLB), not an instance (EC2). The related design plan is as follows.

     (communicate)        (duplicate)

** A (EC2) ====> B (ELB) -------------> C (ELB (NLB/ALB) / listening)

PS. Or, do you have any good idea for capturing real-time network traffic?

scott

1 Answer

Promiscuous mode doesn't work in AWS, and you can't do anything like that with an ELB. If you had a load balancer you set up using HAProxy or similar maybe you could do it in software.

VPC flow logs let you capture information about each flow in a VPC, but it's not packet capture.

VPC Traffic Mirroring might do what you want.

You can think of VPC Traffic Mirroring as a “virtual fiber tap” that gives you direct access to the network packets flowing through your VPC. As you will soon see, you can choose to capture all traffic or you can use filters to capture the packets that are of particular interest to you, with an option to limit the number of bytes captured per packet. You can use VPC Traffic Mirroring in a multi-account AWS environment, capturing traffic from VPCs spread across many AWS accounts and then routing it to a central VPC for inspection.

Tim
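VPC Traffic Mirroring delivers the copied packets to the target (the "C" box in the question) as VXLAN-encapsulated UDP datagrams on port 4789, so whatever listens there has to strip the VXLAN header before it can look at the mirrored frame. The following decapsulator is an added example, not code from the question, the answer, or AWS; it parses the VXLAN header, the inner Ethernet frame, and the inner IPv4/TCP/UDP header fields, and it flags packets whose IP total length exceeds the bytes actually delivered, which is what you see when a session's packet-length limit truncates captures. The sample datagram, the VNI 1234, the MAC addresses and the 10.0.x.x addresses are all constructed for the example.

```python
import socket
import struct

VXLAN_PORT = 4789        # UDP port on which mirrored traffic reaches the mirror target
VXLAN_HEADER_LEN = 8     # flags(1) reserved(3) VNI(3) reserved(1)
ETH_HEADER_LEN = 14      # dst MAC(6) src MAC(6) ethertype(2)
ETHERTYPE_IPV4 = 0x0800


def fmt_mac(raw: bytes) -> str:
    return ":".join(f"{b:02x}" for b in raw)


def parse_ipv4(pkt: bytes) -> dict:
    """Parse the inner IPv4 header (and L4 ports for TCP/UDP) from a mirrored frame."""
    if len(pkt) < 20:
        raise ValueError("inner packet too short for an IPv4 header")
    (ver_ihl, _tos, total_len, _ident, _flags_frag,
     ttl, proto, _csum, src, dst) = struct.unpack("!BBHHHBBH4s4s", pkt[:20])
    if ver_ihl >> 4 != 4:
        raise ValueError("inner packet is not IPv4")
    ihl = (ver_ihl & 0x0F) * 4
    info = {
        "src_ip": socket.inet_ntoa(src),
        "dst_ip": socket.inet_ntoa(dst),
        "ttl": ttl,
        "proto": proto,
        # A mirror session's packet-length limit truncates the copy; the inner
        # IP header still claims the original length, so compare the two.
        "truncated": len(pkt) < total_len,
    }
    if proto in (6, 17) and len(pkt) >= ihl + 4:   # TCP or UDP: ports are the first 4 bytes
        info["sport"], info["dport"] = struct.unpack("!HH", pkt[ihl:ihl + 4])
    return info


def parse_vxlan(payload: bytes) -> dict:
    """Decapsulate one VXLAN datagram payload (the bytes after the outer UDP header)."""
    if len(payload) < VXLAN_HEADER_LEN + ETH_HEADER_LEN:
        raise ValueError("datagram too short for VXLAN + Ethernet headers")
    flags = payload[0]
    if not flags & 0x08:                     # the 'I' bit says the VNI field is valid
        raise ValueError("VXLAN I flag not set; VNI is not valid")
    vni = int.from_bytes(payload[4:7], "big")   # matches the mirror session's VNI
    frame = payload[VXLAN_HEADER_LEN:]
    dst_mac, src_mac, ethertype = struct.unpack("!6s6sH", frame[:ETH_HEADER_LEN])
    result = {
        "vni": vni,
        "dst_mac": fmt_mac(dst_mac),
        "src_mac": fmt_mac(src_mac),
        "ethertype": ethertype,
    }
    if ethertype == ETHERTYPE_IPV4:
        result.update(parse_ipv4(frame[ETH_HEADER_LEN:]))
    return result


def build_sample_datagram() -> bytes:
    """Constructed test input: VNI 1234 carrying a TCP SYN 10.0.1.10:40000 -> 10.0.2.20:443.

    The inner IP header claims 60 bytes but only 40 are present, imitating a
    mirror session configured with a 40-byte packet-length limit.
    """
    vxlan = bytes([0x08, 0, 0, 0]) + (1234).to_bytes(3, "big") + b"\x00"
    eth = bytes.fromhex("0a0000000002") + bytes.fromhex("0a0000000001") + struct.pack("!H", ETHERTYPE_IPV4)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 60, 0, 0x4000, 64, 6, 0,
                     socket.inet_aton("10.0.1.10"), socket.inet_aton("10.0.2.20"))
    tcp = struct.pack("!HHIIBBHHH", 40000, 443, 0, 0, 0x50, 0x02, 65535, 0, 0)
    return vxlan + eth + ip + tcp


def receive_loop(bind_addr: str = "0.0.0.0") -> None:
    """Bind the mirror target port and print a one-line summary per mirrored packet."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.bind((bind_addr, VXLAN_PORT))
        while True:
            data, _peer = sock.recvfrom(65535)
            try:
                print(parse_vxlan(data))
            except ValueError as exc:
                print(f"skipped datagram: {exc}")


if __name__ == "__main__":
    print(parse_vxlan(build_sample_datagram()))
```

Run it as-is to see the constructed sample decoded; call `receive_loop()` on the mirror-target instance (it needs the security group to admit UDP 4789 from the mirror source) to decode live sessions. Checking the `truncated` flag and the VNI per packet is worth doing in any detection pipeline fed by mirroring, so that a session with a tight byte limit is not mistaken for full payload capture.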