VMware

This Question is Possibly Answered

1 "correct" answer available (10 pts)
9 Replies Last post: Aug 14, 2007 7:12 AM by rsa911  

VMware Fusion 1.0 and sniffers = BSOD ... help? posted: Aug 14, 2007 6:01 AM

Click to view pitogo's profile Enthusiast
pitogo
37 posts since
Jul 13, 2006
Hey all,

Well hope you guys are all having fun. On Mac OS X the only sniffer option I know about are wireshark and Etherpeek (no longer being updated). As good as they are I wanted to try more updated and advanced sniffers one was Sniffer Portable from Network General and the other was OmniPeek Enterprise from Wild Packets. I am in a trial/demo program for both but unfortunately I can't capture because they both crash my system with a BSOD. Is there anything I can do to run those programs under virtualization or am I just SOL.

Thanks in advance.

Mike

Message was edited by:
pitogo

Re: VMware Fusion 1.0 and sniffers = BSOD ... help?

1. Aug 14, 2007 6:14 AM in response to: pitogo
Click to view rsa911's profile Virtuoso
rsa911
1,877 posts since
Aug 3, 2007
personally, I usually use the standard Microsoft netmon to capture packets then once done, copy the file to another machine where I have multiple network analyzers at hand
most network analyzers support natively microsoft netmon file format

until now, Netmon has always run fined on the many vm format i've tried

just my 2ct, give it a try and report back your experience, it's interesting ;-)

Re: VMware Fusion 1.0 and sniffers = BSOD ... help?

2. Aug 14, 2007 6:18 AM in response to: rsa911
Click to view pitogo's profile Enthusiast
pitogo
37 posts since
Jul 13, 2006
Oh cool, never thought of that. I can try using netmon to capture data then analyze it in the program. The program doesn't crash until it tries to take control of the interface.

Re: VMware Fusion 1.0 and sniffers = BSOD ... help?

3. Aug 14, 2007 6:21 AM in response to: rsa911
Click to view pitogo's profile Enthusiast
pitogo
37 posts since
Jul 13, 2006
oops duplicate

Message was edited by:
pitogo

Re: VMware Fusion 1.0 and sniffers = BSOD ... help?

4. Aug 14, 2007 6:31 AM in response to: pitogo
Click to view Andreas Masur's profile Expert
Andreas Masur
843 posts since
Feb 26, 2007
Do you actually have a screenshot of the crash? What is the stop code? Does it happen while capturing?

Ciao, Andreas

Re: VMware Fusion 1.0 and sniffers = BSOD ... help?

5. Aug 14, 2007 6:40 AM in response to: Andreas Masur
Click to view pitogo's profile Enthusiast
pitogo
37 posts since
Jul 13, 2006
I would take a screenshot but it reboots way too fast, I get a flash of blue with the stop code then it boots up. No it does not happen while capturing because it happens before the programs can start capturing. Both OmniPeek Ent and Sniffer Portable (even wireshark for Windows) launches like a normal app then when you click the start or capture button Windows immediately goes into a BSOD that flashes way too fast to read or get a screen shot my best attempt was a half black half white screen as it went to change into the boot mode.

Re: VMware Fusion 1.0 and sniffers = BSOD ... help?

6. Aug 14, 2007 6:50 AM in response to: pitogo
Click to view Wes W.'s profile Enthusiast
Wes W.
37 posts since
Jun 19, 2007
Not being a fan of Windows, let alone paying for it, here are my free suggestions:

1) Easiest, pickup a Virtual Appliance pre-configured for network security auditing, such as BackTrack. http://www.vmware.com/appliances/directory/122

2) Install Solaris, FreeBSD, OpenBSD, or whatever Unix you like on your own VM and have more control to learn and explore more about network security. Solaris' 'snoop' command is dirt simple, or you can install Ethereal on almost anything.

HTH.

Re: VMware Fusion 1.0 and sniffers = BSOD ... help?

7. Aug 14, 2007 6:55 AM in response to: pitogo
Click to view rsa911's profile Virtuoso
rsa911
1,877 posts since
Aug 3, 2007
I would take a screenshot but it reboots way too fast

control panel -- system - advanced -- startup and recovery
disable 'automatically restart'
your blue screen will stay displayed until you reset the Vm

Re: VMware Fusion 1.0 and sniffers = BSOD ... help?

8. Aug 14, 2007 7:04 AM in response to: Wes W.
Click to view pitogo's profile Enthusiast
pitogo
37 posts since
Jul 13, 2006
I am trying out enterprise products for use in our ESX environment. But first trying it out on my workstation with no luck. Wireshark is much better than Ethereal but I need something with advanced diagnostics or intellegence that can weed out problems through the noise of even a filtered capture.

install Ethereal on almost anything.

HTH.

Re: VMware Fusion 1.0 and sniffers = BSOD ... help?

9. Aug 14, 2007 7:12 AM in response to: pitogo
Click to view rsa911's profile Virtuoso
rsa911
1,877 posts since
Aug 3, 2007
I suggest you open a new thread in the ESX forum to get some advice on the recommended network analyzers for an ESX platform
the gurus out there should get you the definitive answer ;-)

Actions

VMware Developer

SDKs, APIs, Videos, Learn and much more in the Developer community.

Learn More

Developer Sample Code

Increase your developer productivity with VMware API sample code.

Learn More

VMworld Sessions & Labs

Online access to the latest VMworld Sessions & Labs and online services.

Learn more

Purchase PSO Credits Online

Purchase credits to redeem training and consulting services online.

Buy Now

Community Hardware Software

View reported configurations or report your own.

Learn More

VMware vSphere

Come witness the next giant leap in virtualization.

Register Today

Communities