Let me start by saying that I can do this with Vmware, but want to use Hyper-v.
I have mirrored several ports on my switch and I have connected a second
adapter on my hyper-v server to the monitor port on my switch. When I run
Wireshark (sniffer), and connect to the adapter on the hyper-v server that is
plugged into the monitor port on my switch, I am able to see all the traffic
from the ports of the switch that are being mirrored.
What I would like to do is run wireshark in a vm and get all the traffic on
the physical adapter that is hooked up to the monitor port of the switch. I
have tried a couple of ways to try to get the traffic.
1) I tried assigning in Virtual Network Manager the virtual adapter to the
external adapter that is connected to the monitor port on the switch.
2) I tried creating an Internal network in Virtual Network Manager. I then
assign the virtual adapter to the Internal network that I created. Then on
the Host computer, I bridge the physical sniffer adapter to the Internal
network.
Either way, I only seem to be seeing the broadcast packets that come across
the sniffer adapter, and none of the routed ones that I can see when I have
wireshark on the physical adapter.
Any suggestions on how I could have a virtual computer have a virutal
adapter that gets all of the packets that come into the physical adapter and
not just the ones that are routed to the vm or broadcast? If I can see all
network traffic on the physical adapter, I would expect if I bridged the
physical adapter to the virtual adapter, that the virtual adapter should get
all the network traffic sent to the physical adapter because it is just
bridging, not routing it.
Bridging all traffic from physical adapter to virtual adapter
- 04 Nov 2008 #1
JimS GuestMy System SpecsBridging all traffic from physical adapter to virtual adapter
- 04 Nov 2008 #2
JimS GuestMy System SpecsRE: Bridging all traffic from physical adapter to virtual adapter
Maybe I can make this clearer. I have mirrored ports on my switch to a
monitor port. on the switch The monitor port is connected to my Windows
Server 2008 Hyper V server on an adapter I will call "sniffer". When I run
wireshark on the server, I can see all the network traffic of my network.
What I would like to do is to run wireshark on a vm running on the Hyper-V
server. And then map the virtual adapter to the physical "sniffer" adapter.
Then I would be able to capture all the network traffic of my network from
within the vm.
I can get this to work very easily using vmware virtual server 1.0/2.0, but
want to do it with Hyper-v instead.
"JimS" wrote:
> Let me start by saying that I can do this with Vmware, but want to use Hyper-v.
>
> I have mirrored several ports on my switch and I have connected a second
> adapter on my hyper-v server to the monitor port on my switch. When I run
> Wireshark (sniffer), and connect to the adapter on the hyper-v server that is
> plugged into the monitor port on my switch, I am able to see all the traffic
> from the ports of the switch that are being mirrored.
>
> What I would like to do is run wireshark in a vm and get all the traffic on
> the physical adapter that is hooked up to the monitor port of the switch. I
> have tried a couple of ways to try to get the traffic.
>
> 1) I tried assigning in Virtual Network Manager the virtual adapter to the
> external adapter that is connected to the monitor port on the switch.
> 2) I tried creating an Internal network in Virtual Network Manager. I then
> assign the virtual adapter to the Internal network that I created. Then on
> the Host computer, I bridge the physical sniffer adapter to the Internal
> network.
>
> Either way, I only seem to be seeing the broadcast packets that come across
> the sniffer adapter, and none of the routed ones that I can see when I have
> wireshark on the physical adapter.
>
> Any suggestions on how I could have a virtual computer have a virutal
> adapter that gets all of the packets that come into the physical adapter and
> not just the ones that are routed to the vm or broadcast? If I can see all
> network traffic on the physical adapter, I would expect if I bridged the
> physical adapter to the virtual adapter, that the virtual adapter should get
> all the network traffic sent to the physical adapter because it is just
> bridging, not routing it.
- 04 Nov 2008 #3
JimS GuestMy System SpecsRE: Bridging all traffic from physical adapter to virtual adapter
So now I think I know what is going on. I need to get the virtual adapter to
go into promiscuous mode. It looks like there was an xml entry in Virtual
Server 2005 R2 SP1 that allowed this, but I have no idea how to set this in
Hyper-V
"JimS" wrote:
> Maybe I can make this clearer. I have mirrored ports on my switch to a
> monitor port. on the switch The monitor port is connected to my Windows
> Server 2008 Hyper V server on an adapter I will call "sniffer". When I run
> wireshark on the server, I can see all the network traffic of my network.
>
> What I would like to do is to run wireshark on a vm running on the Hyper-V
> server. And then map the virtual adapter to the physical "sniffer" adapter.
> Then I would be able to capture all the network traffic of my network from
> within the vm.
>
> I can get this to work very easily using vmware virtual server 1.0/2.0, but
> want to do it with Hyper-v instead.
>
> "JimS" wrote:
>
> > Let me start by saying that I can do this with Vmware, but want to use Hyper-v.
> >
> > I have mirrored several ports on my switch and I have connected a second
> > adapter on my hyper-v server to the monitor port on my switch. When I run
> > Wireshark (sniffer), and connect to the adapter on the hyper-v server that is
> > plugged into the monitor port on my switch, I am able to see all the traffic
> > from the ports of the switch that are being mirrored.
> >
> > What I would like to do is run wireshark in a vm and get all the traffic on
> > the physical adapter that is hooked up to the monitor port of the switch. I
> > have tried a couple of ways to try to get the traffic.
> >
> > 1) I tried assigning in Virtual Network Manager the virtual adapter to the
> > external adapter that is connected to the monitor port on the switch.
> > 2) I tried creating an Internal network in Virtual Network Manager. I then
> > assign the virtual adapter to the Internal network that I created. Then on
> > the Host computer, I bridge the physical sniffer adapter to the Internal
> > network.
> >
> > Either way, I only seem to be seeing the broadcast packets that come across
> > the sniffer adapter, and none of the routed ones that I can see when I have
> > wireshark on the physical adapter.
> >
> > Any suggestions on how I could have a virtual computer have a virutal
> > adapter that gets all of the packets that come into the physical adapter and
> > not just the ones that are routed to the vm or broadcast? If I can see all
> > network traffic on the physical adapter, I would expect if I bridged the
> > physical adapter to the virtual adapter, that the virtual adapter should get
> > all the network traffic sent to the physical adapter because it is just
> > bridging, not routing it.
Bridging all traffic from physical adapter to virtual adapter problems?
| Similar Threads | ||||
| Thread | Thread Starter | Forum | Replies | Last Post |
| windows 7 microsoft virtual wifi miniport adapter | Loran | Vista General | 2 | 24 Apr 2010 |
| Virtual PC cannot share network adapter when VPN is connected | MattG | Virtual PC | 7 | 10 Aug 2009 |
| RE: cannot connect virtual network adapter | Brad Rosse | Virtual Server | 5 | 13 Feb 2009 |
| Virtual network adapter disappearing | GTinSALEM | Virtual Server | 1 | 12 Feb 2009 |
| monitor network adapter traffic using powershell | simon22 | PowerShell | 3 | 08 Dec 2008 |
Vista Forums is an independent web site and has not been authorized,
sponsored, or otherwise approved by Microsoft Corporation.
"Windows Vista", the Start Orb, and related materials are trademarks of Microsoft Corp.
© Designer Media Ltd