This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Mac VirtualBox capture HTTP traffic to/from Linux VM

I've got VirtualBox installed on a Mac running an Ubuntu VM. The VM is set up to use a Host-only Adapter on vboxnet0. The VM is running a web server on non-standard port 5000.

I've got a vanilla installation of Wireshark running on the Mac and I start a capture on the vboxnet0 interface. My understanding is that Wireshark should capture everything on all ports on an interface out of the box.

When I fire up a web browser I can see HTTP and TCP responses from the VM to the Mac but I can't see the requests from the Mac to the VM.

Does anyone know why that might be? Am I missing some Wireshark settings?

asked 02 Oct '12, 13:30

Everett

I'm having the same problem. I'm curious if you found a solution.

(25 Apr '13, 15:30) ckwilcox

One Answer:

You may be missing some VirtualBox settings. I suspect tcpdump will be no more successful at capturing the traffic than Wireshark; Wireshark should capture everything provided to it by the packet capture mechanism and network device driver on the OS on which it's running (as should tcpdump, for example, given that it and Wireshark use the same packet capture library), but that might not be all traffic - the network device might not see all the traffic, the device driver might not put the device into a mode where it can see all the traffic, or the packet capture mechanism might not pass all the traffic.

I'd suggest checking the VirtualBox documentation and asking in a VirtualBox forum.

answered 03 Oct '12, 01:13

Guy Harris ♦♦
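
One way to confirm from the capture itself that the requests existed but were not delivered to the capture mechanism, as the answer suggests can happen (an added example, not part of the original thread): if only one side of a TCP conversation appears, yet that side's ACK numbers acknowledge data from the peer, the peer's packets were on the wire and the capture missed them. The function name `one_sided_flows`, the tshark field export it reads, and all sample addresses and values are assumptions constructed for illustration.

```python
from collections import defaultdict

# Constructed sample: tab-separated rows in the shape produced by
#   tshark -r capture.pcap -Y tcp -T fields -e ip.src -e tcp.srcport \
#          -e ip.dst -e tcp.dstport -e tcp.len -e tcp.ack
# Addresses, ports and numbers are made up for this example.
SAMPLE = """\
192.168.56.101\t5000\t192.168.56.1\t52344\t0\t1
192.168.56.101\t5000\t192.168.56.1\t52344\t0\t79
192.168.56.101\t5000\t192.168.56.1\t52344\t312\t79
192.168.56.1\t52345\t192.168.56.101\t5000\t0\t0
192.168.56.101\t5000\t192.168.56.1\t52345\t0\t1
192.168.56.1\t52345\t192.168.56.101\t5000\t78\t1
192.168.56.101\t5000\t192.168.56.1\t52345\t312\t79
"""

def one_sided_flows(text):
    """Return flows where one direction was captured and the other was not.

    Each result is (sender, receiver, acked): packets from sender to receiver
    were seen, none in reverse, yet sender acknowledged sequence number
    `acked` from the receiver, so the reverse traffic existed on the wire
    and the capture did not record it.
    """
    pkts = defaultdict(int)      # (src, dst) -> packet count
    max_ack = defaultdict(int)   # (src, dst) -> highest ACK sent by src
    for line in text.splitlines():
        f = line.split("\t")
        if len(f) != 6:
            continue             # skip non-TCP or malformed rows
        src, dst = (f[0], int(f[1])), (f[2], int(f[3]))
        pkts[(src, dst)] += 1
        max_ack[(src, dst)] = max(max_ack[(src, dst)], int(f[5] or 0))
    findings = []
    for (src, dst), _count in sorted(pkts.items()):
        # Membership test on a defaultdict does not create the key.
        if (dst, src) not in pkts and max_ack[(src, dst)] > 0:
            findings.append((src, dst, max_ack[(src, dst)]))
    return findings

if __name__ == "__main__":
    for src, dst, acked in one_sided_flows(SAMPLE):
        print(f"{src} -> {dst} seen; reverse direction missing "
              f"although data up to seq {acked} was acknowledged")
```

A non-empty result points at the capture path (interface, driver, or virtualization layer) rather than at the application, which is the distinction the answer draws.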