VMware Cloud Community
dcap
Enthusiast

Finding VMs through Network Traffic

Is there an easy way to find VMs in the infrastructure by sniffing traffic? Could I use CDP for my Cisco network or sniff traffic on ports 902 and 903 to look for traffic going to virtual center? I want to try and find a way to discover VMs on the network via the network layer.


Accepted Solutions
Texiwill
Leadership

Hello,

CDP is the best choice as sniffing traffic may not lead to any results if the remote console is not used or virtual center not employed or any other things that are not used to communicate between VMs. Many tools exist to find the underlying machine type in use. HPSIM has methods to do this as do others. It's the only one I remember off the top of my head... However for a pure networking issue CDP works best for ESX. However, I am not sure if CDP will work with Workstation or Server.


Best regards,

Edward L. Haletky

VMware Communities User Moderator

====

Author of the book 'VMWare ESX Server in the Enterprise: Planning and Securing Virtualization Servers', Copyright 2008 Pearson Education.

CIO Virtualization Blog: http://www.cio.com/blog/index/topic/168354

As well as the Virtualization Wiki at http://www.astroarch.com/wiki/index.php/Virtualization

--
Edward L. Haletky
vExpert XIV: 2009-2023,
VMTN Community Moderator
vSphere Upgrade Saga: https://www.astroarch.com/blogs
GitHub Repo: https://github.com/Texiwill

happyhammer
Hot Shot

Would suggest you use a MAC address filter.

Rubeck
Virtuoso

Tracking down VMs should be possible without a sniffer... In a Cisco environment I would simply query the default gateway(s) which the VMs are using:

"show mac-address-table | include 00-0C"

"show mac-address-table | include 00-50"

This should show you the L2 addresses... For L3 info do a: "show ip arp | include <MAC-address from previous output>"

/Rubeck
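
An added example, not part of Rubeck's post: the same MAC-table and ARP lookup done offline for an asset inventory, matching full three-byte VMware OUIs rather than only the first two bytes, since other vendors also hold prefixes starting 00-50. The OUI list is an assumption taken from the IEEE registry, not from the thread, and the switch output below is constructed sample data.

```python
import re

# VMware-registered OUIs (assumption: IEEE registry values, not from the thread).
VMWARE_OUIS = {"000569", "000c29", "001c14", "005056"}
# Dotted (000c.29ab.cdef), dashed (00-0C-29-AB-CD-EF) and colon notations.
MAC_RE = re.compile(r"\b(?:[0-9A-Fa-f]{4}\.){2}[0-9A-Fa-f]{4}\b"
                    r"|\b(?:[0-9A-Fa-f]{2}[-:]){5}[0-9A-Fa-f]{2}\b")
IP_RE = re.compile(r"\b\d{1,3}(?:\.\d{1,3}){3}\b")

# Constructed sample output; 0050.04aa.bbcc starts 00-50 but is not a VMware OUI.
MAC_TABLE = """\
Vlan    Mac Address       Type        Ports
  10    000c.29ab.cdef    DYNAMIC     Gi0/1
  10    0050.56a1.b2c3    DYNAMIC     Gi0/2
  10    0050.04aa.bbcc    DYNAMIC     Gi0/3
"""
ARP_TABLE = """\
Protocol  Address      Age (min)  Hardware Addr   Type   Interface
Internet  10.0.10.21          5   000c.29ab.cdef  ARPA   Vlan10
Internet  10.0.10.22         12   0050.56a1.b2c3  ARPA   Vlan10
Internet  10.0.10.23          3   0050.04aa.bbcc  ARPA   Vlan10
"""

def normalize(mac):
    """Reduce any common MAC notation to 12 lowercase hex digits."""
    return re.sub(r"[^0-9a-f]", "", mac.lower())

def vmware_macs(mac_table):
    """Return {mac: port} for MAC-table rows whose OUI is in VMWARE_OUIS."""
    found = {}
    for line in mac_table.splitlines():
        m = MAC_RE.search(line)
        if m and normalize(m.group())[:6] in VMWARE_OUIS:
            found[normalize(m.group())] = line.split()[-1]  # last column = port
    return found

def join_arp(macs, arp_table):
    """Attach IPs from 'show ip arp' output: sorted (ip, mac, port) tuples."""
    rows = []
    for line in arp_table.splitlines():
        m, ip = MAC_RE.search(line), IP_RE.search(line)
        if m and ip and normalize(m.group()) in macs:
            mac = normalize(m.group())
            rows.append((ip.group(), mac, macs[mac]))
    return sorted(rows)

if __name__ == "__main__":
    for row in join_arp(vmware_macs(MAC_TABLE), ARP_TABLE):
        print(*row)
```

A match only says the NIC carries a VMware-assigned address; VMs configured with manually set MACs outside these ranges will not appear.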
