I have installed VMWare Fusion 1.1beta on a Leopard host recently and tried to sniff traffic sent from my VM image over the virtual network device from the host (tcpdump on the host side filtering on the IP given to the virtual host). No traffic appears unfortunately. With bridged networking, sniffing on the host ethernet device shows no traffic from the VM, and if NAT is enabled, you can't even open the vmnet device in promiscuous mode.
Will VMWare Fusion support this functionality? Thanks.
I'll let VMware answer your question about host network sniffing functionality. If you this want this to work now, I would wire trace the network in the VM. Wireshark works well for this and it's free.
I too am interested in this. When I attempt to run Wireshark (on the Mac) on vmnet8 I get ...
The capture session could not be initiated
(BIOCSETIF: vmnet8: Device not configured).
You are you on Tiger (10.4) or Leopard (10.5), apparently there's a problem in Leopard in the guest putting the virtual NIC in promiscous mode. VMware are working on the issue. I'll try to test Wireshark on Windows and tcpdump on Ubuntu tonight.
I'm on Plain Old Tiger (10.4.11). Fusion 1.1 (final).
-bmw
The vmnet devices don't currently support BPF, which (according to my understanding) is necessary to use tools like tcpdump. As a workaround, try vmnet-sniffer (in /Library/Application Support/VMware Fusion/), which should let you capture packets.
Thanks, Eric! That helps me. The output from vmnet-sniffer is "one-size-fits-all" apparently, and so it's cluttered with ssh traffic, but at least I can see that my app is sending stuff and getting replies. I appreciate that it can create Wireshark/tcpdump compatible dumps too.
(And definitely your interface must support bpf for tcpdump, or anything else that links to the
pcap(3)
library, to work.)Glad that worked out for you. Sorry about not currently supporting BPF, I've pinged the developers to remind them that people would like to have this.
On Leopard attempting to put Ubuntu in promiscuous mode using tcpdump, generates this notice in Fusion:
The virtual machine's operating system has attempted to enable promiscuous mode on adapter Ethernet0. This is not allowed for security reasons.
Please go to the Web page "http://www.vmware.com/info?id=161" for help enabling promiscuous mode in the virtual machine.
But then tcpdump runs and it does capture data for the guest VM. Seems to work OK and there's an option to disable the warning.
Any update on this? Trying to debug communication with the host/guest is hindered somewhat. vmnet-sniffer is a poor substitute (useful but not as useful as support BPF).
Is there any news on getting this BPF support?
Is there any news on getting this BPF support?
No, sorry.
Thanks for the update!
Any progress on this?
$ sudo tcpdump -n -i vmnet1
tcpdump: BIOCSETIF: vmnet1: Device not configured
Sniffing from the guest perspective is possible but at times you need to sniff on both ends
Use /Library/Application Support/VMware Fusion/vmnet-sniffer if you need to sniff from the host. I'm not a network guy but believe BPF support is what's needed for tcpdump to work.
Testing this under Fusion 3.1.1, tcpdump still doesn't work.
Is BPF support planned for Fusion devices at all?
Should I hold my breath for this?