Layer3

Adventures in Networking, Routing, Switching, Virtualization, Storage, etc.

  • Archives

  • Categories

  • Blog Stats

    • 139,715 visits
  • Enter your email address to subscribe to this blog and receive notifications of new posts by email.

    Join 27 other followers

vSwitch Port Mirroring

Posted by Chris on May 1, 2011

Say you want to set up Wireshark in a guest VM to capture traffic from other guest VM’s on a particular vSwitch.  Those familiar with VMware know that vSwitches and Port Groups have a promiscuous mode setting that will mirror traffic to every port on the vSwitch.  This works well except for the fact that all of the virtual machines on that particular vSwitch or belonging to that port group also receive a copy of every other VM’s traffic.

A simple work around for this is to create a separate port group, apply the promiscuous mode setting at the port group level, then add the guest VM to the new port group.

What is a Port Group?

First off, I think Port Groups should have been called Switchport Groups because they contain many of the settings commonly applied to a physical switch port.  These include security, traffic shaping, NIC teaming and failover configuration.  A single vSwitch can contain multiple port groups.  We can leverage this capability to isolate our packet capture VM and in effect configure a single SPAN port on the vSwitch.

To create a new port group go to the Properties of the vSwitch, click Add, select Virtual Machine then click Next.

In the Port Group Properties give the new port group a descriptive name by changing the Network Label.  In this case we’ll call the port group “Monitor”.  Click Next and then Finish.

To change the port group security settings to use promiscuous mode, highlight the Monitor port group and click Edit.

Under the Security tab, check the box next to Promiscuous Mode and change the drop down to Accept, then click Ok.

Lastly, add the guest VM to the new port group by editing the network adapter settings.  My monitoring VM is called Win7-01.  Select the VM in the inventory, click Edit Settings, Network Adapter and then select the newly created port group (Monitor) from the drop down.

The vSwitch and port group configuration should now look something like this.  You can launch Wireshark in the guest VM and securely capture packets from the entire vSwitch without impacting performance.

About these ads

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

 
Follow

Get every new post delivered to your Inbox.

Join 27 other followers

%d bloggers like this: