One of our clients had previously used two computers to monitor SIP traffic, one before the firewall, and one internally. The hardware being in use all the time has meant that errors are occurring. So, we decided to implement server 2012 R2 to on a HPE ProLiant DL180 Gen9, two virtual machines, with two network cards, each one with two ports one for the connectivity of the server to the LAN, others for internal / external monitoring. We have a 3rd party that does the monitoring of the SIP traffic, they couldn't use the virtual machines to see the traffic, however if we run two instances of wireshark on the host the traffic is visible. Are there any known issues with using virtual interfaces and wire shark ? Are there any issues with SIP traffic and virtual machines ? Thanks asked 28 Nov '16, 03:19  jordan_patri... |
One Answer:
In my experience it is always possible, in a VM, to capture traffic going into/out of that VM (using Wireshark or tcpdump). If you're saying that the VM is dedicated for capturing other traffic (i.e., the traffic is not naturally going in/out of the VM) then you will need to arrange with the virtualization software and/or host to:
How you do that is probably specific to the virtualization software you're running. answered 04 Jan '17, 10:45  JeffMorriss ♦ |
