AWS Certified Advanced Networking - Specialty: Deep Dive into Packet Analysis on EC2 Instances


Question

Which of the following services can be used to do a deep dive into the packets sent across to EC2 instances?

Answers

Explanations


A. B. C. D.

Answer - D.

All of the services, such as Flow Logs, give you metadata on the traffic.

They will not give a deep dive into the actual packets.

You need to use custom software for this.

An example of this is given at the link below:

http://fmad.io/blog-aws-packet-capture-ec2.html

The correct answer is C. FlowLogs.

Flow Logs is an AWS service that captures information about the IP traffic going to and from network interfaces in your Amazon VPC. This information is stored in Amazon CloudWatch Logs or Amazon S3, and can be used to troubleshoot connectivity and security issues, as well as to analyze network traffic patterns.

Flow Logs can capture metadata such as the source and destination IP addresses, ports, protocols, packet counts and sizes, and the time of transmission for each packet. This information can be used to gain visibility into the network traffic flowing to and from your EC2 instances, and to identify patterns of traffic that might indicate security threats or performance issues.

CloudWatch is a monitoring and logging service that provides metrics and logs about your AWS resources, including EC2 instances. However, it does not provide a deep dive into the packets sent across to EC2 instances.

CloudTrail is a service that records API calls made in your AWS account and delivers log files to an S3 bucket. It provides audit and compliance logs, but it does not capture network traffic data.

Therefore, the correct answer to the question is C. FlowLogs.