We are building a multi-server SIPX cluster and wish to be able to build a monitoring platform with six NICs. The optimal configuration would be to run six virtual machines with an instance of Wireshark running on each VM. Has anyone out there done this? Does Wireshark run on UNIX and if so what versions...CentOS? How much RAM is required? Will it work with a quad-core single-CPU box or does it require multiple physical CPUs? Thank you,

asked 15 Oct '10, 07:47 mrbodle
edited 19 Oct '10, 16:11 Gerald Combs ♦♦

2 Answers:
First of all, yes, Wireshark runs on most platforms, but getting it to capture data might involve some work since it needs capture access to the NIC. It usually doesn't matter if the OS is running on bare metal or in a VM - if there is a Wireshark flavour for it, it will work in a VM.

Regarding doing captures in VMware, you need to be aware that there are different virtualization platforms like VMware Server, VMware Workstation and VMware vSphere. While VMware Server and Workstation are quite similar in their network setups, the ESX servers of vSphere are configured differently and use virtual switches, which the other two do not.

I guess that you want to use the free VMware Server 2.x. In that case you can create six VMs and install the OS of your choice and then Wireshark in each of them (dumpcap or tcpdump might be enough if you just want to capture and not analyze inside the VM). Then you need to map the virtual NIC of each VM to a separate physical NIC in bridge mode. If I remember correctly (I do mostly vSphere now), this has to be done using the vmnetcfg utility that can be found in the VMware Server install directory.

answered 19 Oct '10, 16:08 Jasper ♦♦

Could you read the Introduction section of the User's Guide and see what questions remain?

answered 15 Oct '10, 07:54 Jaap ♦