VMware Cloud Community
jrh910
Contributor

Monitoring / Controlling inter-guest network communication

Our corporate security folks are looking for a way to monitor and control network communication between guests on an ESX 3.0.1 host. On physical servers they just log into the switch and send all the traffic to one of their sniffer boxes. However, that's not really an option with a VMware virtual switch.

This isn't really my speciality, but if I put the switch into promiscuous mode when they need to do some work would they be able to see more traffic at the physical switch port? Other ideas?

3 Replies
bretti
Expert

I'm assuming you are doing VLAN trunking for your VMs. Is that the case?

The network guys over here end up creating a feed port on the physical switch that the hosts are connected to. That feed port can see all the traffic on that collision domain or VLAN. I'm not really sure if you can do VLAN trunking on a feed port, but it sounds reasonable. Then they could capture all day long on that port.

If you are using internal networking on your VMs then I'm not sure. You are probably on to something with the promiscuous mode.

jrh910
Contributor

All of the guests on a host are in the same collision domain so the feed port idea might work - I'll have to talk to one of the network admins and probably just do a sniff and see what shows up. The thing they're most concerned about is being able to see all the traffic between guests on the same host. I'm not sure if the VMware virtual switch which the guests are connected to would actually pass along all the packets upstream to the physical switch where they can be intercepted at the feed port or just pass them between the guests.

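The "do a sniff and see what shows up" check from the post above, written out as an added example (this is not code from the thread or from VMware). It assumes a capture has already been taken with tcpdump or similar at the physical feed/SPAN port and saved as a classic pcap file, and that the security team knows the MAC addresses of the guests on the host. The guest and external MAC/IP addresses below are constructed sample values; the two sample captures are built inline so the script runs offline. The point of the check is simple: if the frames that have both a guest source MAC and a guest destination MAC never appear in the upstream capture, the vSwitch is forwarding them between guests locally and the feed port will not see them, so monitoring has to move onto the host (a promiscuous-mode port group with a sniffer VM, or a different design).

```python
import socket
import struct
from collections import Counter

# Constructed sample addresses: three guests on one vSwitch and one external host.
GUEST_MACS = {
    "00:50:56:aa:00:01": "guest-a",
    "00:50:56:aa:00:02": "guest-b",
    "00:50:56:aa:00:03": "guest-c",
}
EXTERNAL_MAC = "00:1b:21:00:00:99"
GUEST_A, GUEST_B = "00:50:56:aa:00:01", "00:50:56:aa:00:02"


def mac_bytes(mac):
    return bytes(int(octet, 16) for octet in mac.split(":"))


def mac_str(raw):
    return ":".join("%02x" % b for b in raw)


def ipv4_frame(src_mac, dst_mac, src_ip, dst_ip, payload=b"x" * 20):
    """Build a minimal Ethernet II + IPv4/UDP-ish frame (checksums left zero; the
    classifier only looks at the Ethernet header)."""
    ip_hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64, 17, 0,
                         socket.inet_aton(src_ip), socket.inet_aton(dst_ip))
    return mac_bytes(dst_mac) + mac_bytes(src_mac) + b"\x08\x00" + ip_hdr + payload


def build_pcap(frames):
    """Wrap frames in a classic little-endian pcap (magic 0xa1b2c3d4, linktype 1 = Ethernet)."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for i, frame in enumerate(frames):
        out += struct.pack("<IIII", i, 0, len(frame), len(frame)) + frame
    return out


def iter_pcap(data):
    """Yield raw Ethernet frames from a classic pcap byte string (either byte order)."""
    magic, = struct.unpack_from("<I", data, 0)
    if magic == 0xA1B2C3D4:
        endian = "<"
    elif magic == 0xD4C3B2A1:
        endian = ">"
    else:
        raise ValueError("not a classic pcap file (pcapng not handled here)")
    linktype = struct.unpack_from(endian + "IHHiIII", data, 0)[6]
    if linktype != 1:
        raise ValueError("only Ethernet (linktype 1) captures are supported")
    off = 24
    while off + 16 <= len(data):
        _, _, incl_len, _ = struct.unpack_from(endian + "IIII", data, off)
        off += 16
        yield data[off:off + incl_len]
        off += incl_len


def classify(frame):
    """Label a frame by whether its source and destination MACs belong to guests."""
    dst, src = mac_str(frame[0:6]), mac_str(frame[6:12])
    src_guest, dst_guest = src in GUEST_MACS, dst in GUEST_MACS
    if src_guest and dst_guest:
        return "guest-to-guest"
    if src_guest or dst_guest:
        return "guest-to-external"
    return "external-only"


def summarize(pcap_bytes):
    """Count frames per class; the number to look at is 'guest-to-guest'."""
    return dict(Counter(classify(f) for f in iter_pcap(pcap_bytes)))


def inter_guest_visible(pcap_bytes):
    return summarize(pcap_bytes).get("guest-to-guest", 0) > 0


# Constructed capture as a feed port on the physical switch would see it if the
# vSwitch keeps guest-to-guest frames on the host: only traffic crossing the uplink.
def sample_uplink_capture():
    return build_pcap([
        ipv4_frame(GUEST_A, EXTERNAL_MAC, "10.0.0.11", "10.0.0.99"),
        ipv4_frame(EXTERNAL_MAC, GUEST_B, "10.0.0.99", "10.0.0.12"),
    ])


# Constructed capture as a sniffer VM on a promiscuous port group on the same
# vSwitch would see it: the guest-to-guest frame is present.
def sample_host_capture():
    return build_pcap([
        ipv4_frame(GUEST_A, EXTERNAL_MAC, "10.0.0.11", "10.0.0.99"),
        ipv4_frame(EXTERNAL_MAC, GUEST_B, "10.0.0.99", "10.0.0.12"),
        ipv4_frame(GUEST_A, GUEST_B, "10.0.0.11", "10.0.0.12"),
    ])


if __name__ == "__main__":
    for name, cap in (("feed port", sample_uplink_capture()), ("host", sample_host_capture())):
        print(name, summarize(cap), "inter-guest visible:", inter_guest_visible(cap))
```

To run this against a real capture, read the file with `open(path, "rb").read()` and pass the bytes to `summarize()`, after filling `GUEST_MACS` with the actual guest MACs from the VM configurations. The parser handles classic pcap only; convert pcapng output first (for example with `editcap -F pcap`).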
kgilbert
Contributor

This is an issue in our environment as well.

So far I have not found a solution, but I am not totally out of ideas yet either.

-ken
