VMware Communities
pitogo
Contributor

VMware Fusion 1.0 and sniffers = BSOD ... help?

Hey all,

Well, hope you guys are all having fun. On Mac OS X the only sniffer options I know about are Wireshark and EtherPeek (no longer being updated). As good as they are, I wanted to try more updated and advanced sniffers: one was Sniffer Portable from Network General and the other was OmniPeek Enterprise from WildPackets. I am in a trial/demo program for both, but unfortunately I can't capture because they both crash my system with a BSOD. Is there anything I can do to run those programs under virtualization, or am I just SOL?

Thanks in advance.

Mike

9 Replies
rsa911
Virtuoso

Personally, I usually use the standard Microsoft Netmon to capture packets, then once done, copy the file to another machine where I have multiple network analyzers at hand.

Most network analyzers natively support the Microsoft Netmon file format.

Until now, Netmon has always run fine on the many VM formats I've tried.

Just my 2ct, give it a try and report back your experience, it's interesting ;)

pitogo
Contributor

Oh cool, never thought of that. I can try using netmon to capture data then analyze it in the program. The program doesn't crash until it tries to take control of the interface.

Andreas_Masur
Expert

Do you actually have a screenshot of the crash? What is the stop code? Does it happen while capturing?

Ciao, Andreas

pitogo
Contributor

I would take a screenshot but it reboots way too fast; I get a flash of blue with the stop code, then it boots up. No, it does not happen while capturing, because it happens before the programs can start capturing. Both OmniPeek Ent and Sniffer Portable (even Wireshark for Windows) launch like a normal app, then when you click the start or capture button Windows immediately goes into a BSOD that flashes way too fast to read or get a screenshot. My best attempt was a half-black, half-white screen as it went to change into the boot mode.

Wes_W_
Enthusiast

Not being a fan of Windows, let alone paying for it, here are my free suggestions:

1) Easiest, pick up a Virtual Appliance pre-configured for network security auditing, such as BackTrack. http://www.vmware.com/appliances/directory/122

2) Install Solaris, FreeBSD, OpenBSD, or whatever Unix you like on your own VM and have more control to learn and explore more about network security. Solaris' 'snoop' command is dirt simple, or you can install Ethereal on almost anything.

HTH.

rsa911
Virtuoso

> I would take a screenshot but it reboots way too fast

Control Panel -- System -- Advanced -- Startup and Recovery

Disable 'Automatically restart'.

Your blue screen will stay displayed until you reset the VM.

pitogo
Contributor

I am trying out enterprise products for use in our ESX environment. But first trying it out on my workstation with no luck. Wireshark is much better than Ethereal, but I need something with advanced diagnostics or intelligence that can weed out problems through the noise of even a filtered capture.

rsa911
Virtuoso

I suggest you open a new thread in the ESX forum to get some advice on the recommended network analyzers for an ESX platform.

The gurus out there should get you the definitive answer ;)
