Solved

Capture traffic using virtual machine

Posted on 2010-09-21
7
1,017 Views
Last Modified: 2013-11-06
Hi,

I'm trying to use a virtual environment to capture traffic from a real switch but I have problems with the traffic that the virtual NIC is able to see...

The environment is the following:

I have a server with four NICs running windows 2008 R2 and Hyper-V. I use one NIC to manage the server.

I have started with one virtual machine running windows 2008 R2 and wireshark to capture traffic. The virtual machine has two NICs configured, one to manage and other to capture the traffic, both are connected to different real NICs.

When I try to capture traffic through the interface connected to the real NIC connected to the switch port, I can't see all the traffic... I don't know if it's not possible or if I need to configure something in the virtual machine to allow this feature...

Thanks in advanced.
0
Comment
Question by:ecemibm
  • 2
  • 2
7 Comments
 
LVL 39

Expert Comment

by:Krzysztof Pytko
ID: 33733985
Did you try to use Microsoft Network Monitor?

http://support.microsoft.com/kb/933741
0
 

Author Comment

by:ecemibm
ID: 33734142
The issue is not related with the software used to capture the traffic. We have this environment running on a real environment with the same features and software and it's running without problems... I think it's something related with the virtual networking in Hyper-v and the possibility to set a promiscuous mode in the virtual switch...

I know that VMWare manage this issue but I don't know if Hyper-V has this feature...
0
 
LVL 39

Expert Comment

by:Krzysztof Pytko
ID: 33734158
OK, I will dig it in my env and I would try to help you, tomorrow, because I'm going home, ok?
0
 
LVL 15

Accepted Solution

by:
msmamji earned 500 total points
ID: 33761190
To the best of my knowledge, it is not supported, yet.
To date Hyper-V doesn't support promiscuous mode on virtual interfaces. Virtual switches in Hyper-V seem to act like per-port switching. Your VM will only see broadcast traffic and traffic bound for it.

Haven't used VMware but have heard they support promiscuous mode.
How to Set HyperV NIC in Promiscuous Mode [Technet]
How to Set HyperV NIC in Promiscuous Mode
http://tech.deurk.net/hyper-v-and-promiscuous-mode/
Regards,
Shahid
0
 

Author Closing Comment

by:ecemibm
ID: 33770185
There is no solution for the problem.
0

Featured Post

Free Tool: Subnet Calculator

The subnet calculator helps you design networks by taking an IP address and network mask and returning information such as network, broadcast address, and host range.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Will try to explain how to use the VMware feature TAGs in the VMs and create Veeam Backup Jobs using TAGs. Since this article is too long, I will create second article for the Veeam tasks.
This article will inform Clients about common and important expectations from the freelancers (Experts) who are looking at your Gig.
Viewers will learn how to connect to a wireless network using the network security key. They will also learn how to access the IP address and DNS server for connections that must be done manually. After setting up a router, find the network security…
Here's a very brief overview of the methods PRTG Network Monitor (https://www.paessler.com/prtg) offers for monitoring bandwidth, to help you decide which methods you´d like to investigate in more detail.  The methods are covered in more detail in o…

685 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question