|
 |  |  |  |  |  |  |
| Welcome to Windows Vista Forums. Our forum is dedicated to helping you find solutions with any problems, errors or issues you are experiencing with Windows Vista. The Vista forum also covers news and updates and has an extensive Windows Vista tutorial section that covers a wide range of tips and tricks. |
| |||||||
 |
| |
11-04-2008
| #1 (permalink) |
| | Bridging all traffic from physical adapter to virtual adapter Let me start by saying that I can do this with Vmware, but want to use Hyper-v. I have mirrored several ports on my switch and I have connected a second adapter on my hyper-v server to the monitor port on my switch. When I run Wireshark (sniffer), and connect to the adapter on the hyper-v server that is plugged into the monitor port on my switch, I am able to see all the traffic from the ports of the switch that are being mirrored. What I would like to do is run wireshark in a vm and get all the traffic on the physical adapter that is hooked up to the monitor port of the switch. I have tried a couple of ways to try to get the traffic. 1) I tried assigning in Virtual Network Manager the virtual adapter to the external adapter that is connected to the monitor port on the switch. 2) I tried creating an Internal network in Virtual Network Manager. I then assign the virtual adapter to the Internal network that I created. Then on the Host computer, I bridge the physical sniffer adapter to the Internal network. Either way, I only seem to be seeing the broadcast packets that come across the sniffer adapter, and none of the routed ones that I can see when I have wireshark on the physical adapter. Any suggestions on how I could have a virtual computer have a virutal adapter that gets all of the packets that come into the physical adapter and not just the ones that are routed to the vm or broadcast? If I can see all network traffic on the physical adapter, I would expect if I bridged the physical adapter to the virtual adapter, that the virtual adapter should get all the network traffic sent to the physical adapter because it is just bridging, not routing it. |
My System Specs |
|
11-04-2008
| #2 (permalink) |
| | RE: Bridging all traffic from physical adapter to virtual adapter Maybe I can make this clearer. I have mirrored ports on my switch to a monitor port. on the switch The monitor port is connected to my Windows Server 2008 Hyper V server on an adapter I will call "sniffer". When I run wireshark on the server, I can see all the network traffic of my network. What I would like to do is to run wireshark on a vm running on the Hyper-V server. And then map the virtual adapter to the physical "sniffer" adapter. Then I would be able to capture all the network traffic of my network from within the vm. I can get this to work very easily using vmware virtual server 1.0/2.0, but want to do it with Hyper-v instead. "JimS" wrote: Quote: > Let me start by saying that I can do this with Vmware, but want to use Hyper-v. > > I have mirrored several ports on my switch and I have connected a second > adapter on my hyper-v server to the monitor port on my switch. When I run > Wireshark (sniffer), and connect to the adapter on the hyper-v server that is > plugged into the monitor port on my switch, I am able to see all the traffic > from the ports of the switch that are being mirrored. > > What I would like to do is run wireshark in a vm and get all the traffic on > the physical adapter that is hooked up to the monitor port of the switch. I > have tried a couple of ways to try to get the traffic. > > 1) I tried assigning in Virtual Network Manager the virtual adapter to the > external adapter that is connected to the monitor port on the switch. > 2) I tried creating an Internal network in Virtual Network Manager. I then > assign the virtual adapter to the Internal network that I created. Then on > the Host computer, I bridge the physical sniffer adapter to the Internal > network. > > Either way, I only seem to be seeing the broadcast packets that come across > the sniffer adapter, and none of the routed ones that I can see when I have > wireshark on the physical adapter. > > Any suggestions on how I could have a virtual computer have a virutal > adapter that gets all of the packets that come into the physical adapter and > not just the ones that are routed to the vm or broadcast? If I can see all > network traffic on the physical adapter, I would expect if I bridged the > physical adapter to the virtual adapter, that the virtual adapter should get > all the network traffic sent to the physical adapter because it is just > bridging, not routing it. |
| My System Specs |
|
11-04-2008
| #3 (permalink) |
| | RE: Bridging all traffic from physical adapter to virtual adapter So now I think I know what is going on. I need to get the virtual adapter to go into promiscuous mode. It looks like there was an xml entry in Virtual Server 2005 R2 SP1 that allowed this, but I have no idea how to set this in Hyper-V "JimS" wrote: Quote: > Maybe I can make this clearer. I have mirrored ports on my switch to a > monitor port. on the switch The monitor port is connected to my Windows > Server 2008 Hyper V server on an adapter I will call "sniffer". When I run > wireshark on the server, I can see all the network traffic of my network. > > What I would like to do is to run wireshark on a vm running on the Hyper-V > server. And then map the virtual adapter to the physical "sniffer" adapter. > Then I would be able to capture all the network traffic of my network from > within the vm. > > I can get this to work very easily using vmware virtual server 1.0/2.0, but > want to do it with Hyper-v instead. > > "JimS" wrote: > Quote: > > Let me start by saying that I can do this with Vmware, but want to use Hyper-v. > > > > I have mirrored several ports on my switch and I have connected a second > > adapter on my hyper-v server to the monitor port on my switch. When I run > > Wireshark (sniffer), and connect to the adapter on the hyper-v server that is > > plugged into the monitor port on my switch, I am able to see all the traffic > > from the ports of the switch that are being mirrored. > > > > What I would like to do is run wireshark in a vm and get all the traffic on > > the physical adapter that is hooked up to the monitor port of the switch. I > > have tried a couple of ways to try to get the traffic. > > > > 1) I tried assigning in Virtual Network Manager the virtual adapter to the > > external adapter that is connected to the monitor port on the switch. > > 2) I tried creating an Internal network in Virtual Network Manager. I then > > assign the virtual adapter to the Internal network that I created. Then on > > the Host computer, I bridge the physical sniffer adapter to the Internal > > network. > > > > Either way, I only seem to be seeing the broadcast packets that come across > > the sniffer adapter, and none of the routed ones that I can see when I have > > wireshark on the physical adapter. > > > > Any suggestions on how I could have a virtual computer have a virutal > > adapter that gets all of the packets that come into the physical adapter and > > not just the ones that are routed to the vm or broadcast? If I can see all > > network traffic on the physical adapter, I would expect if I bridged the > > physical adapter to the virtual adapter, that the virtual adapter should get > > all the network traffic sent to the physical adapter because it is just > > bridging, not routing it. |
| My System Specs |
|
| Thread Tools | |
| |
Similar Threads | ||||
| Thread | Forum | |||
| Virtual PC cannot share network adapter when VPN is connected | Virtual PC | |||
| RE: cannot connect virtual network adapter | Virtual Server | |||
| Virtual network adapter disappearing | Virtual Server | |||
| monitor network adapter traffic using powershell | PowerShell | |||
| Virtual Network Adapter Missing W2003 server | Virtual Server | |||
