VMware Cloud Community
RanjnaAggarwal
VMware Employee

Promiscuous Mode vs. Port Mirroring

As the distributed switch provides both options for configuration, what exactly are the use cases for:

1. Promiscuous mode instead of port mirroring?

2. Port mirroring instead of promiscuous mode?

Regards, Ranjna Aggarwal
3 Replies
photofalk
Enthusiast

Hi,

Use "port mirroring" to tap the communication of a dedicated VM or network adapter. The Tap-Device/Sniffer can be placed into another port-group.

Promiscuous Mode will show traffic of all VMs which are connected to the same Port-Group. You can enable Promisc-Mode on Port-Group-Level. So please keep in mind that all VMs are able to see the traffic of other VMs.

More about promisc-mode: VMware KB: How promiscuous mode works at the virtual switch and portgroup levels

Greetings

Falk

Kisan_VMware
Enthusiast

Hi,

The terms are generally synonymous. In those cases where there is a difference, promiscuous mode typically means that ALL switch traffic is forwarded to the promiscuous port, whereas port mirroring forwards (mirrors) only traffic sent to particular ports (not traffic to all ports).



RichardBush
Hot Shot

Just to clear this up,

Port Mirroring: if you want to replicate all traffic from one port to another port. This is used to mirror the traffic of a VM or VMs to a single port (or uplink). Useful if you have an IDS or IPS to which you want to directly pass all traffic from a single VM or a bunch of VMs.

Promiscuous mode: any VM in a promiscuous port-group can see all traffic that is traversing the virtual switch. If you set this at the vSwitch level, remember to explicitly disable it on port-groups that do not require this setting. Useful if you have an IDS and IPS and want to monitor all traffic passing over the port-group or groups.

So to summarize: if you want to see all network traffic from a specific VM or multiple VMs, use port mirror; if you want to see all traffic from a specific port-group or port-groups, use promiscuous.

Rich

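An added example, not part of any reply in this thread: a read-only PowerCLI audit that lists where promiscuous mode is effectively allowed (including port groups that only inherit it from the vSwitch) and which port mirroring sessions exist on distributed switches. It assumes VMware PowerCLI is installed and a `Connect-VIServer` session is already open; the variable names and output column names are chosen here for illustration.

```powershell
# Added example: read-only audit, nothing is modified.
# Assumes VMware PowerCLI and an open Connect-VIServer session.

# Standard vSwitches: a port group inherits the switch-level setting
# unless it explicitly overrides it.
$standard = foreach ($vs in Get-VirtualSwitch -Standard) {
    $switchPolicy = $vs | Get-SecurityPolicy
    foreach ($pg in Get-VirtualPortGroup -VirtualSwitch $vs) {
        $pgPolicy = $pg | Get-SecurityPolicy
        [pscustomobject]@{
            Host              = $vs.VMHost.Name
            Switch            = $vs.Name
            SwitchPromiscuous = $switchPolicy.AllowPromiscuous
            PortGroup         = $pg.Name
            Promiscuous       = $pgPolicy.AllowPromiscuous
            Inherited         = $pgPolicy.AllowPromiscuousInherited
        }
    }
}

# Distributed port groups (uplink port groups are skipped).
$distributed = foreach ($pg in Get-VDPortgroup | Where-Object { -not $_.IsUplink }) {
    $policy = $pg | Get-VDSecurityPolicy
    [pscustomobject]@{
        Switch      = $pg.VDSwitch.Name
        PortGroup   = $pg.Name
        Promiscuous = $policy.AllowPromiscuous
    }
}

# Port mirroring sessions, read from the vSphere API object of each VDS.
$mirrors = foreach ($vds in Get-VDSwitch) {
    foreach ($session in $vds.ExtensionData.Config.VspanSession) {
        [pscustomobject]@{
            Switch  = $vds.Name
            Session = $session.Name
            Type    = $session.SessionType
            Enabled = $session.Enabled
        }
    }
}

# Report only the places where other VMs' traffic can be observed.
$standard    | Where-Object Promiscuous | Format-Table -AutoSize
$distributed | Where-Object Promiscuous | Format-Table -AutoSize
$mirrors     | Format-Table -AutoSize
```

Rows in the first table with `Inherited` set to true are port groups that picked up promiscuous mode from the vSwitch rather than from their own setting.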