services / Google Cloud / Compute Engine packet mirroring

Packet mirroring allows duplication and forwarding of packets on a virtual private cloud.

Packet mirroring allows inspection of network traffic, allowing access to unencrypted network data.


Consumes mirroring quota and incurs spend proportional to the amount of mirrored network data. When combined with a compromised instance (used as the packet collector), allows collection of network data.



This privilege may grant access to confidential data, or its exploit can incur operational cost.


  • https:​/​/​cloud.​google.​com/​vpc/​docs/​packet-​mirroring
  • https:​/​/​cloud.​google.​com/​sdk/​gcloud/​reference/​compute/​packet-​mirrorings
  • https:​/​/​cloud.​google.​com/​compute/​docs/​reference/​rest/​v1/​packetMirrorings
  • Contributed by P0 Security

    © 2023–present P0 Security and contributors to the IAM Privilege Catalog