This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Wireshark not seeing traffic from other machines on virtual network

0

I'm trying to run a network of three Ubuntu VMs in host only mode on VirtualBox. Two are to send/recieve messages to one another while the third has wireshark to intercept traffic. They're all listed as being on eth0, but when I attempt to view the capture options for eth0 in wireshark, it lists only the IP of the VM wireshark is installed on.

Why isn't wireshark seeing traffic from my other two VMs?

asked 24 Apr '15, 12:02

ab0mber89's gravatar image

ab0mber89
6113
accept rate: 0%

edited 25 Apr '15, 11:42

Guy%20Harris's gravatar image

Guy Harris ♦♦
17.4k335196

What do you mean by "They're all listed as being on eth0"? Listed where?

Do you mean "Why isn't wireshark seeing traffic from my other two VMs?", or "Why isn't Wireshark showing multiple IP addresses for eth0 in the capture options dialog?" (The two are not the same question; the IP addresses it shows are the IP addresses that the host running Wireshark has for that interface, not the IP addresses from which it sees traffic.)

(24 Apr '15, 16:18) Guy Harris ♦♦

I suppose I should be more clear. Why won't wireshark see the traffic from my other two VMs?

When I said they're listed as being on eth0, I meant when I used ifconfig on each VM it listed their IP addresses for the host only network under eth0, which is why I tried to capture traffic from that interface. I also tried the 'any' interface offered by wireshark after trying to capture traffic from eth0 proved unsuccessful. I just want this third VM to be able to see traffic between the other two and capture it, and I'm not sure how to make it happen.

(25 Apr '15, 00:37) ab0mber89

One Answer:

0

What I have understood from your explanation, you are looking at individual/local eth0 interfaces of each of the individual VM, it is not a common eth0 interface from where you can place a hook to get the captured traffic. So it will not work this way. IMHO.

answered 25 Apr '15, 04:33

Mushtaq%20Hussain's gravatar image

Mushtaq Hussain
21124
accept rate: 0%

edited 25 Apr '15, 16:18

Guy%20Harris's gravatar image

Guy Harris ♦♦
17.4k335196

What I have understood from your explanation, you are looking at individual/local eth0 interfaces of each of the individual VM, it is not a common eth0 interface from where you can place a hook to get the captured traffic.

Correct. The "any" interface is also an individual/local interface. It's best to think of the virtual network as being similar to a real network, with multiple independent virtual machines, each of which has its own independent network interfaces, which will not show the IP addresses of other machines' interfaces - and the virtual network probably looks like a switched network, so that a host on the network won't necessarily see traffic between other hosts on the network.

(25 Apr '15, 11:46) Guy Harris ♦♦

I understand. So how do I get wireshark to see traffic from the other VMs? I'm pretty much brand new to VirtualBox and I've never used Wireshark or an Ubuntu OS before. Does anyone have a suggestion or possibly an example of how to do this?

(25 Apr '15, 12:03) ab0mber89

Would VirtualBox's NIC tracing help here?

(25 Apr '15, 12:13) Guy Harris ♦♦

I'm pretty much brand new to VirtualBox and I've never used Wireshark or an Ubuntu OS before.

This probably has little, if anything, to do with Ubuntu and everything to do with VirtualBox.

VirtualBox might also provide interfaces on the host on which you can capture, showing traffic between the host and a particular guest.

(25 Apr '15, 12:23) Guy Harris ♦♦

I'll try it out. I have very little time left before I have to leave for work, as it stands, but I will try to test it when I get home.

It mentions that I need to disable tracing once the test is over, but it doesn't show how.

(25 Apr '15, 12:24) ab0mber89

I'm afraid I have very little idea about how to configure the network in VirtualBox. I've tried using several different types of adapters (host only, internal, bridge) to connect these VMs so I can capture the packets, but nothing has worked so far.

I appreciate the help thus far. Hopefully the nictrace helps me uncover the issue.

(25 Apr '15, 12:48) ab0mber89
showing 5 of 6 show 1 more comments