NIC Promiscuous Mode Not Working

PLABS · ‎11-22-2018

Platform: ESXi 6.7 running on a Dell PE T410 w/ Broadcom BCM5716 NICs

Purpose: Passive monitoring of network traffic (tcpdump, Snort, whatever...)

Configuration: I'm using a network hub (yes, an old fashioned hub!) with ISP on one port, internal network on another, and the "promiscuous" mode'd NIC/vSwitch PG on another

Packets are flying around, as the LAN is connected to the ISP through the hub. And a laptop NIC connected to a random hub port sees all the traffic. However, the Port Group / vSwitch is not passing the traffic to my RHEL VM with it's own NIC in promisc mode. It is only seeing router advertisements (IP6 gateway).

I've tried all I can think of and I'm going mad.

I've never used a VM on ESXi to monitor network traffic before. Always just had hardware taps. Any advice?

Thanks!

MikeStoica · ‎11-22-2018

Did you configured like this VMware Knowledge Base ? Is the VM connected to that vSwitch?

PLABS · ‎11-23-2018

Yes and yes.

sk84 · ‎11-23-2018

Just to be clear, you have configured a vSS portgroup with VLAN ID 4095, promiscuous mode set to accept, your vNIC of the VM is attached to this portgroup and your network settings within your guest OS are also configured for promiscuous mode and guest vlan tagging?

But you don't see traffic from other virtual machines on the same host? Or do you just not see packets from other virtual machines on other ESXi hosts?

--- Regards, Sebastian VCP6.5-DCV // VCP7-CMA // vSAN 2017 Specialist Please mark this answer as 'helpful' or 'correct' if you think your question has been answered correctly.

PLABS · ‎11-23-2018

Yes, I've done all of that. And I am using a dedicated vSwitch/PG since my goal is to monitor the traffic on the hub, not the other virtual machines.

All

NIC Promiscuous Mode Not Working