Ask Your Question

Revision history [back]

click to hide/show revision 1
initial version

answered 2021-11-27 20:01:04 +0000

BigFatCat gravatar image

It can work with limitations and the correct software. By default, VM server only sees traffic for its virtual MAC address and multicast. If your VM box supports a VM switch, then it is possible to mirror traffic to another port in the same box. I would try performance and malware software to determine what needs to be capture. If is a requirement to capture all network traffic, then a dedicated network appliance is a better option.

Some limitations

  1. Packet drops when the aggregate traffic exceeds the VM server port. An example of aggregate traffic issue is a 1G ingress/egress mirror. A 1G full duplex is simultaneous 1G ingress and 1G egress or 2G. The 2G aggregate traffic will never fit a 1G target port. Either two 1G target ports or 10G target port.
  2. VM server will need to be able capture and write traffic a port speed to a file. If it can't then packets will be dropped.
  3. File storage. There will be Terabytes of data.
Copyright Wireshark Foundation, 2017-2023 Content on this site is licensed under a Creative Commons Attribution Share Alike 3.0 license.
about | faq | help | privacy policy | terms of service
Powered by Askbot version 0.10.2