I want to create following lab setup using VirtualBox and Wireshark:
Any suggestion or possible work around? asked 25 Apr '15, 15:34  Mushtaq Hussain |
2 Answers:
For the VMs use Network: Host-only Adapter On the Host PC open Wireshark and start the capture on Virtualbox Host-Only Network. *Tested on Win 7 with Virtualbox 4.3.26 and Wireshark 1.12.4 answered 01 May '15, 04:11  Roland showing 5 of 8 show 3 more comments |
Virtualbox includes a feature to capture traffic generated by the virtual machines. This looks like the most reliable way to capture traffic between two VMs, besides capturing the traffic directly in the VMs. Regards answered 03 May '15, 14:06  Kurt Knochner ♦ Thank you for pointing to this feature. However, I need to monitor the live capturing of traffic in Wireshark, whereas in this feature case you can not analyse the traffic in real time. (03 May '15, 14:22) Mushtaq Hussain 1 well, then your option is to capture inside one of the VMs (or even both). (03 May '15, 14:48) Kurt Knochner ♦ 1 Definitely one way is to capture inside the VM. But is it not possible to do a capture in host? As may be there comes a situation where one is looking to capture live traffic of a network formed from more than two VMs at a time. Any thoughts. (03 May '15, 15:19) Mushtaq Hussain
Ask the Virtualbox community. They should know their product better than we do ;-)) (03 May '15, 16:41) Kurt Knochner ♦ |
I had tried same setup previously; however again repeated after seeing your answer. But I am unable to capture the traffic between two VMs running in VirtualBox. I am able to capture broadcast packets from the two VMs, however no unicast packets (like ICMP packets) between the two VMs are being captured by the Wireshark on vboxnet0 interface.
My Environment is: Host is Ubuntu 14.04 LTS, Wireshark Version 1.10.6, VirtualBox Version 4.3.10_Ubuntu r93012. Both VMs are in Host-Only mode attached to vboxnet0 adapter. And I am capturing on vboxnet0 interface on Wireshark.
It also works on Linux, but I only tested with Virtualbox 4.3.26.
Upgraded to Virtualbox 4.3.26 r98988. It does seems a more refined and light on resources. However, my original problem remains exactly the same. I have also set the Promiscuous mode policy for vboxnet0 interface in both VMs to 'Allow All', still Wireshark only captures the broadcast packets not the unicast ping between the two VMs. Wireshark is also set to capture in promiscuous mode.
Can you share any specific interface settings for VMs or Virtualbox global configurations?
I used the default settings, promiscuous mode was set to Deny. Do you have the firewall enabled on the host?
I have also checked with firewalls disabled, but same result. Also firewall does not seem to be a problem here, as I am able to capture all traffic through same interface when one VM is in Virtualbox and other one in the VMware player. However, it seems when both VMs are in virtualbox they have some kind of direct link and unicast traffic does not reach at vboxnet0. As broadcast traffic from both VMs is being captured.
I have also checked with firewalls disabled, but same result. Also firewall does not seem to be a problem here, as I am able to capture all traffic through same interface when one VM is in Virtualbox and other one in the VMware player. However, it seems when both VMs are in virtualbox they have some kind of direct link and unicast traffic does not reach at vboxnet0. As broadcast traffic from both VMs is being captured.
Can you try it on another host?