Solved

Capture traffic using virtual machine

Posted on 2010-09-21
7
1,021 Views
Last Modified: 2013-11-06
Hi,

I'm trying to use a virtual environment to capture traffic from a real switch but I have problems with the traffic that the virtual NIC is able to see...

The environment is the following:

I have a server with four NICs running windows 2008 R2 and Hyper-V. I use one NIC to manage the server.

I have started with one virtual machine running windows 2008 R2 and wireshark to capture traffic. The virtual machine has two NICs configured, one to manage and other to capture the traffic, both are connected to different real NICs.

When I try to capture traffic through the interface connected to the real NIC connected to the switch port, I can't see all the traffic... I don't know if it's not possible or if I need to configure something in the virtual machine to allow this feature...

Thanks in advanced.
0
Comment
Question by:ecemibm
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
7 Comments
 
LVL 39

Expert Comment

by:Krzysztof Pytko
ID: 33733985
Did you try to use Microsoft Network Monitor?

http://support.microsoft.com/kb/933741
0
 

Author Comment

by:ecemibm
ID: 33734142
The issue is not related with the software used to capture the traffic. We have this environment running on a real environment with the same features and software and it's running without problems... I think it's something related with the virtual networking in Hyper-v and the possibility to set a promiscuous mode in the virtual switch...

I know that VMWare manage this issue but I don't know if Hyper-V has this feature...
0
 
LVL 39

Expert Comment

by:Krzysztof Pytko
ID: 33734158
OK, I will dig it in my env and I would try to help you, tomorrow, because I'm going home, ok?
0
 
LVL 15

Accepted Solution

by:
msmamji earned 500 total points
ID: 33761190
To the best of my knowledge, it is not supported, yet.
To date Hyper-V doesn't support promiscuous mode on virtual interfaces. Virtual switches in Hyper-V seem to act like per-port switching. Your VM will only see broadcast traffic and traffic bound for it.

Haven't used VMware but have heard they support promiscuous mode.
How to Set HyperV NIC in Promiscuous Mode [Technet]
How to Set HyperV NIC in Promiscuous Mode
http://tech.deurk.net/hyper-v-and-promiscuous-mode/
Regards,
Shahid
0
 

Author Closing Comment

by:ecemibm
ID: 33770185
There is no solution for the problem.
0

Featured Post

Ransomware: The New Cyber Threat & How to Stop It

This infographic explains ransomware, type of malware that blocks access to your files or your systems and holds them hostage until a ransom is paid. It also examines the different types of ransomware and explains what you can do to thwart this sinister online threat.  

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Will try to explain how to use the VMware feature TAGs in the VMs and create Veeam Backup Jobs using TAGs. Since this article is too long, I will create second article for the Veeam tasks.
In this article, I will show you HOW TO: Perform a Physical to Virtual (P2V) Conversion the easy way from a computer backup (image).
Viewers will learn how to connect to a wireless network using the network security key. They will also learn how to access the IP address and DNS server for connections that must be done manually. After setting up a router, find the network security…
In this tutorial you'll learn about bandwidth monitoring with flows and packet sniffing with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're interested in additional methods for monitoring bandwidt…

734 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question