BifSteve
Contributor
Contributor

VMs network traffic

I have two VMs running ubuntu on my work machine (windows). On one VM running wireshark, I see the traffic from the other VM when ever it is on. Both vms are defaulted to NAT. Why is this occurring and how can I separated the traffic.

Labels (1)
0 Kudos
3 Replies

Not sure what kind of traffic you mean? There are many applications working as servers that do that. Also operating system itself does that between computers in the same network - that's how internal naming system works (without a DNS server). Now that you are running Wireshark, that causes network traffic by itself.

If you do not want that to happen by default, you would need have your two VMs in separate networks - now they are in the same NAT network. You could create another network, but easiest way is probably in Workstation Pro (install it and network configuration GUI is still available after evaluation time expires). You could also put the other one in Host-only network but then you would still have some traffic between Host and VM.

Those wouldn't still prevent Wireshark causing network traffic, but that is most likely to be able to scan different networks - depending on how you run it.

So, if you have minimum traffic - that is how OS's work or that is what you cause with Wireshark.

If you have heavy traffic - you either have installed servers that you are not aware of or you have some other type of unknown software running in your system - cannot speculate on what that unknown might be. Typically, nowadays, in corporate PCs all kinds of software is working in the background without the end user knowing about them - that is the point of them. If you got the VM from somewhere else, you might want to install Ubuntu with its defaults and see how that behaves - it only takes 1-2 hours to get Ubuntu running in VM (depends on Internet speed, however). Just as an example: If you have Microsoft Teams installed, it spies on what you do and sends a report to your boss ... that is bound to cause some network traffic - not exactly sure what Debian version of Teams is doing.

0 Kudos
BifSteve
Contributor
Contributor

I am running two vms (vmware workstation player) on my work desktop. They are using default network config of NAT. On one vm i have wireshark, on the other vm i browse to a website. On the vm running wireshark i am seeing the packets for the other vm. I know its the other vm as I am seeing its source IP going to the website I browsing to from that vm. Why am I able to see the packets on the other VM? How can i stop that from occurring? What I am trying to do is have these two vms on their own subnet, be able to talk out through my work pc. I dont want broadcast from the vms network to reach my work computers subnet.

0 Kudos

"Why am I able to see the packets on the other VM? How can i stop that from occurring? What I am trying to do is have these two vms on their own subnet, be able to talk out through my work pc. I dont want broadcast from the vms network to reach my work computers subnet."

To my understanding, you have only one subnet in play under your Host, that is VMware NAT. If that is true, then the last of your sentences is odd.

If you want two sub nets to be isolated from each other, you need to have two sub nets. Above, I pointed to this. You need to create a couple of new sub nets, with functionality of your choice. In order to do that, you need to create new Virtual Networks with Workstation Pro and place your two VMs in them. This is the choice with all options available for you.

Or you can just have the other (non-web-browser-)VM in Host-only network and then it does not see your NAT VM, but you don't have any outside network capability either from that other VM, if that is OK for you.

As for your first sentence - in the same network, that is how Ethernet works. Host will see both VMs anyway.

0 Kudos