This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Cannot capture packets between two vmware virtual machines on the same host

0

I set them both to bridged mode. I tried NAT as well, but still cannot get the packets between them. The capture interface I chose was the physical interface of the host.

Any ideas? Thank you!

asked 02 Aug '12, 19:45

Siyang

edited 04 Aug '12, 04:27

Kurt Knochner ♦


2 Answers:

1

Hi,

This works on my system:

System:

Host: Win 7 64 Bit
VMware: Workstation 7.1.5
VM 1+2: Win XP SP3

Test case #1

Setup: Both VMs mapped their interface to "bridged"
Result: I can see traffic of/between those machines on my Host LAN interface

Test case #2

Setup: Both VMs mapped their interface to "host-only"
Result: I can see traffic of/between those machines on my Host "vmnet1" interface

So, what is your

  • OS / OS version of the vmware host
  • VMware version
  • Wireshark capture setup

Regards
Kurt

answered 03 Aug '12, 03:35

Kurt Knochner ♦

Thank you Kurt, your case #2 works on my system.

My system is the same as yours, except my VMware is Workstation 8.0.0.

However, although I understand the differences between the modes, I'm still not clear why case #1 cannot work on my system.

Could you explain the reason in detail? That would help a lot!

Thank you! Siyang

(05 Aug '12, 23:45) Siyang

I'm still not clear why case #1 cannot work on my system.

VMware Workstation uses 'auto-bridging' per default. If you have multiple interfaces on your host (including WLAN interfaces), VMware might have mapped the VM interfaces to a host interface you do not expect. Please configure manual mapping of the bridged interfaces and then try again.

Edit -> Virtual Network Editor -> VMnet0 (bridged) -> Bridged to: (Automatic)

Change 'Automatic' to your LAN interface. You should be able to capture on the host now. If that does not work, they have changed something in VMware 8.0.

(06 Aug '12, 05:39) Kurt Knochner ♦
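One way to check which host interface the auto-bridge actually picked, as an added example that is not part of the original thread: capture briefly on each host interface, save each capture in classic pcap format, and count the frames whose source MAC carries a VMware OUI. The interface names, MAC addresses and in-memory captures below are constructed sample data, and the helper names are this example's own.

```python
import struct

# OUIs registered to VMware; Workstation guests normally use 00:0c:29 or 00:50:56.
VMWARE_OUIS = {bytes.fromhex(o) for o in ("000569", "000c29", "001c14", "005056")}

def iter_frames(pcap):
    """Yield Ethernet frames from a classic libpcap file (not pcapng)."""
    magic = pcap[:4]
    if magic in (b"\xd4\xc3\xb2\xa1", b"\x4d\x3c\xb2\xa1"):
        endian = "<"
    elif magic in (b"\xa1\xb2\xc3\xd4", b"\xa1\xb2\x3c\x4d"):
        endian = ">"
    else:
        raise ValueError("not a classic pcap file")
    if struct.unpack(endian + "I", pcap[20:24])[0] != 1:
        raise ValueError("link type is not Ethernet")
    off = 24                                  # skip the global header
    while off + 16 <= len(pcap):
        incl_len = struct.unpack(endian + "I", pcap[off + 8:off + 12])[0]
        yield pcap[off + 16:off + 16 + incl_len]
        off += 16 + incl_len

def count_vm_frames(pcap):
    """Count frames whose source MAC (bytes 6..11) starts with a VMware OUI."""
    return sum(1 for f in iter_frames(pcap) if len(f) >= 14 and f[6:9] in VMWARE_OUIS)

def likely_bridged_interface(captures):
    """captures maps interface name -> pcap bytes; None if no VM frames anywhere."""
    counts = {name: count_vm_frames(data) for name, data in captures.items()}
    best = max(counts, key=counts.get)
    return best if counts[best] else None

# --- constructed sample data: two short captures built in memory ---
def frame(dst, src):
    return bytes.fromhex(dst + src + "0800") + bytes(46)

def make_pcap(frames):
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for f in frames:
        out += struct.pack("<IIII", 0, 0, len(f), len(f)) + f
    return out

VM1, VM2 = "000c29111111", "000c29222222"       # constructed guest MACs
HOST, ROUTER = "0200000000aa", "0200000000bb"   # constructed non-VMware MACs
SAMPLE = {
    "Local Area Connection": make_pcap([frame(ROUTER, HOST), frame(HOST, ROUTER)]),
    "Local Area Connection 2": make_pcap([frame(VM2, VM1), frame(VM1, VM2)]),
}
```

With real captures, pass a dict of interface name to file contents to `likely_bridged_interface`; the interface it returns is the one to select in Wireshark, or the one to replace by setting the VMnet0 bridge manually.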

0

With Wireshark installed on the VM, all you will see is traffic to & from the VM plus broadcasts & multicasts. This is because when in bridged mode the physical Win 7 OS is acting as a switch, only passing up the traffic to & from the VM plus broadcasts & multicasts.

If you install Wireshark on the Win 7 host, then you will be able to put the NIC in promiscuous mode and capture whatever passes your NIC (obviously dependent then on your SPAN session etc.).

answered 03 Aug '12, 14:05

KeithFrench

Thank you!

In theory, Wireshark should capture all the packets that pass through it.

Just in my case, when the 2 VMs are set to 'bridged' mode, Wireshark cannot capture the communication between them.

(05 Aug '12, 23:52) Siyang