Re: Virtual WireShark appliance

[Guy Harris <guy () alum mit edu>]

On Sep 20, 2010, at 1:44 PM, john s wolter wrote:

> Sake and Marco,
>
> ....but

Nobody's arguing against the idea of a Wireshark virtual appliance, as far as I can tell.

As Sake said:

> The problem is how to get
> packets to the virtual appliance. Most virtual switches that come
> with the virtualization environment just don't do port mirroring and
> such (please correct me if I'm wrong here nowadays).

I.e., if the virtual machine does not provide mechanisms by which a program running on one virtual machine can monitor 
on-the-wire traffic to another virtual machine, or traffic within another virtual machine, or between two virtual 
machines, there's really not much Wireshark can do.  There might be virtual machines that support this - as Marco said:

> Cisco's Nexus 1000V can do (ER)SPAN.


but, if there are any virtual machines where Wireshark running on one virtual machine can't look at any traffic other 
than traffic to or from the VM on which it's running, a Wireshark virtual appliance *for that particular virtual 
machine* won't be very useful.

I.e., it's worth investigating, but it's not necessarily going to work on all VMs.

> Just imagine how working in the Cloud will change everything.

...assuming that "the cloud" ends up being like "the Web" rather than, say, "push technology". :-)
___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request () wireshark org?subject=unsubscribe