Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
?
Solved

Capture traffic using virtual machine

Posted on 2010-09-21
7
Medium Priority
?
1,035 Views
Last Modified: 2013-11-06
Hi,

I'm trying to use a virtual environment to capture traffic from a real switch but I have problems with the traffic that the virtual NIC is able to see...

The environment is the following:

I have a server with four NICs running windows 2008 R2 and Hyper-V. I use one NIC to manage the server.

I have started with one virtual machine running windows 2008 R2 and wireshark to capture traffic. The virtual machine has two NICs configured, one to manage and other to capture the traffic, both are connected to different real NICs.

When I try to capture traffic through the interface connected to the real NIC connected to the switch port, I can't see all the traffic... I don't know if it's not possible or if I need to configure something in the virtual machine to allow this feature...

Thanks in advanced.
0
Comment
Question by:ecemibm
  • 2
  • 2
5 Comments
 
LVL 39

Expert Comment

by:Krzysztof Pytko
ID: 33733985
Did you try to use Microsoft Network Monitor?

http://support.microsoft.com/kb/933741
0
 

Author Comment

by:ecemibm
ID: 33734142
The issue is not related with the software used to capture the traffic. We have this environment running on a real environment with the same features and software and it's running without problems... I think it's something related with the virtual networking in Hyper-v and the possibility to set a promiscuous mode in the virtual switch...

I know that VMWare manage this issue but I don't know if Hyper-V has this feature...
0
 
LVL 39

Expert Comment

by:Krzysztof Pytko
ID: 33734158
OK, I will dig it in my env and I would try to help you, tomorrow, because I'm going home, ok?
0
 
LVL 15

Accepted Solution

by:
msmamji earned 2000 total points
ID: 33761190
To the best of my knowledge, it is not supported, yet.
To date Hyper-V doesn't support promiscuous mode on virtual interfaces. Virtual switches in Hyper-V seem to act like per-port switching. Your VM will only see broadcast traffic and traffic bound for it.

Haven't used VMware but have heard they support promiscuous mode.
How to Set HyperV NIC in Promiscuous Mode [Technet]
How to Set HyperV NIC in Promiscuous Mode
http://tech.deurk.net/hyper-v-and-promiscuous-mode/
Regards,
Shahid
0
 

Author Closing Comment

by:ecemibm
ID: 33770185
There is no solution for the problem.
0

Featured Post

Free Tool: Path Explorer

An intuitive utility to help find the CSS path to UI elements on a webpage. These paths are used frequently in a variety of front-end development and QA automation tasks.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article explains the fundamentals of industrial networking which ultimately is the backbone network which is providing communications for process devices like robots and other not so interesting stuff.
In this article will go through how to backup a vPostgres DB from a broken vCenter Appliance and restore to a new vCenter Appliance.
Video by: ITPro.TV
In this episode Don builds upon the troubleshooting techniques by demonstrating how to properly monitor a vSphere deployment to detect problems before they occur. He begins the show using tools found within the vSphere suite as ends the show demonst…
Michael from AdRem Software outlines event notifications and Automatic Corrective Actions in network monitoring. Automatic Corrective Actions are scripts, which can automatically run upon discovery of a certain undesirable condition in your network.…

564 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question