This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Issues with virtual machines

0

One of our clients had previously used two computers to monitor SIP traffic, one before the firewall and one internally. The hardware being in use all the time has meant that errors are occurring. So, we decided to implement Server 2012 R2 on an HPE ProLiant DL180 Gen9, two virtual machines, with two network cards, each one with two ports: one for the connectivity of the server to the LAN, the others for internal/external monitoring. We have a 3rd party that does the monitoring of the SIP traffic; they couldn't use the virtual machines to see the traffic, however if we run two instances of Wireshark on the host the traffic is visible.

Are there any known issues with using virtual interfaces and Wireshark?

Are there any issues with SIP traffic and virtual machines?

Thanks

asked 28 Nov '16, 03:19

jordan_patri...


One Answer:

0

In my experience it is always possible, in a VM, to capture traffic going into/out of that VM (using Wireshark or tcpdump).

If you're saying that the VM is dedicated for capturing other traffic (i.e., the traffic is not naturally going in/out of the VM) then you will need to arrange with the virtualization software and/or host to:

  1. Put the physical NICs in promiscuous mode
  2. Allow the VMs to get copies of that monitored data (presumably by binding them to the physical NICs and configuring the virtual NICs into promiscuous mode)

How you do that is probably specific to the virtualization software you're running.

answered 04 Jan '17, 10:45

JeffMorriss ♦