Wireshark-users: Re: [Wireshark-users] Sniffing communication between virtual machines
On Nov 6, 2009, at 7:44 AM, Beno, Tal wrote:
> I need to record traffic between two middleware software (e.g. app
> server and a DB) which are deployed on two different virtual
> machines. The thing is that they may be physically deployed sometime
> on the same physical machine.
>
> Would a SPAN port listener on the Switch be able to capture the
> traffic between them in that kind of a scenario/deployment?

Almost certainly not. If the two VMs are on the same physical
machine, network communication between them will almost certainly be
done through the VM hypervisor, with a packet sent by VM 1 being
picked up by the hypervisor and sent as input to a network interface
on VM 2.

> If not – then I would be grateful to learn how people are tapping
> into virtual environments in that regard.

That probably depends on which VMM you're using - VMware? Hyper-V?
Xen? Something else?

You might be able to run a network analyzer on one of the VMs, and
capture traffic on whichever network interface (emulated, or "fake")
is used to communicate with the other VM. The VM hypervisor, if it
runs under some OS rather than on the bare hardware, *might* also
provide a network interface on the host machine that allows you to
capture traffic going to or from a guest machine, allowing you to run
a network analyzer on the host machine.