Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 381
  • Last Modified:

vmware port

I have a virtual server and I'd like to capture traffic going to that virtual server. How do I span the port on my Cisco switch. I am not onsite so I do not know the port where the physical server is connected to. Any ideas? Thx
0
leblanc
Asked:
leblanc
  • 3
  • 2
  • 2
3 Solutions
 
InfamusCommented:
Do you have access to the server, for example, like RDP?

If you can, then you can install wireshark and capture the traffic, otherwise you need to find a switchport where the vm host is connected.  In that case, you will be capturing all the traffic going to the vm host.
0
 
leblancAccountingAuthor Commented:
Is it possible to capture the port where the virtual server is connected to? I am not sure how that will work?
0
 
giltjrCommented:
You need to find the MAC address of the physical server and then look at the mac address table.

However, how/where are you going to SPAN the traffic if you don't have physical access to the switch?

Just to make sure if you do span the port you will capture ALL traffic to that physical server, not just the traffic to that VM.
0
Efficient way to get backups off site to Azure

This user guide provides instructions on how to deploy and configure both a StoneFly Scale Out NAS Enterprise Cloud Drive virtual machine and Veeam Cloud Connect in the Microsoft Azure Cloud.

 
leblancAccountingAuthor Commented:
This is what I have:
- I can access the switch
- I know the MAC and IP address of the physical server where the virtual server resides.
- I know the switch port where the physical server is connected to.
- I know the MAC address of the virtual server.

I just want to capture the traffic to the virtual server, not the whole physical server. It has to have a way to do this. Thx
0
 
giltjrCommented:
Span session only know ports.  So all traffic going in/out of the port is mirrored.

If you have the correct access to the ESXi host you can capture traffic there using TCPDUMP.


http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=1031186

http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=1000880
0
 
leblancAccountingAuthor Commented:
I am not allow to have access to the ESXi host... Politics... :)
I will just capture the port where the physical server is connected to and setup the filter on the virtual server. Thx
0
 
InfamusCommented:
Let us know how it went.
Good luck.
0

Featured Post

NEW Veeam Agent for Microsoft Windows

Backup and recover physical and cloud-based servers and workstations, as well as endpoint devices that belong to remote users. Avoid downtime and data loss quickly and easily for Windows-based physical or public cloud-based workloads!

  • 3
  • 2
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now