Re: Sniffing communication between virtual machines

[Guy Harris <guy () alum mit edu>]

On Nov 6, 2009, at 7:44 AM, Beno, Tal wrote:

> I need to record traffic between two middleware software (e.g. app  
> server and a DB) which are deployed on two different virtual  
> machines. The thing is that they may be physically deployed sometime  
> on the same physical machine.
>
> Would a SPAN port listener on the Switch be able to capture the  
> traffic between them in that kind of a scenario/deployment?

Almost certainly not.  If the two VMs are on the same physical  
machine, network communication between them will almost certainly be  
done through the VM hypervisor, with a packet sent by VM 1 being  
picked up by the hypervisor and sent as input to a network interface  
on VM 2.

> If not – then I would be grateful to learn now people are tapping  
> into virtual environments in that regard.

That probably depends on which VMM you're using - VMware?  Hyper-V?   
Xen?  Something else?

You might be able to run a network analyzer on one of the VMs, and  
capture traffic on whichever network interface (emulated, or "fake")  
is used to communicate with the other VM.  The VM hypervisor, if it  
runs under some OS rather than on the bare hardware, *might* also  
provide a network interface on the host machine that allows you to  
capture traffic going to or from a guest machine, allowing you to run  
a network analyzer on the host machine.
___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
             mailto:wireshark-users-request () wireshark org?subject=unsubscribe