VMware Cloud Community
asuravithu
Contributor

Can we retrieve Ethernet Packet Data using vShield App?

Hi,

I read that vShield App's Flow Monitoring capability gives you the following capability: "Ability to observe network activity between virtual machines to help define and refine firewall policies, identify botnets and secure business processes through detailed reporting of application traffic."

My question is whether it also has some API which can actually give me the data inside the packets sent over the network? (Something which VMSafe-Net APIs used to give)

Thanks in advance.

0 Kudos
1 Solution

Accepted Solutions
admin
Immortal

The feature is designed to show header/flow information, not payload information.

The vShield APIs are designed to have feature parity with the GUI-based access (vShield Manager, vCenter plugin). The Flow Monitoring feature offers header information for each flow - sessions, packets, bytes. The application content is displayed and categorized (e.g. UDP, TCP; incoming/outgoing; app/protocol name; IP address). I attached a screenshot from a lab test screen to give you an idea, but this is not an exhaustive list.

Does this answer your question? If not, please clarify and I can get you more information.


0 Kudos
6 Replies
asuravithu
Contributor

Thanks a lot firecrackerpm.

Actually, our requirement was to be able to see what is actually inside these packets. VMSafe-Net API used to provide the functionality to do this. Can't we do the same using vShield App?

0 Kudos
admin
Immortal

Hi there,

The short answer is that no, vShield App doesn't provide visibility into payload. There is the new EPSEC (endpoint security) API which was released as part of the vShield Endpoint launch, designed to offload file activity from VMs. This is being made accessible to key endpoint security vendors. I don't have direct information on the VMSafe Net APIs but this related thread seems to indicate that these are made accessible to select partners as well: http://communities.vmware.com/thread/228090

It sounds like you have some specific reasons for requiring this access, so if you like, I can put you in touch with our alliances team to see which APIs they can make accessible to you. Let me know and I'll put you in touch with the right people.

Gargi Mitra, vShield Product Marketing

0 Kudos
asuravithu
Contributor

Yes, we have a specific requirement for accessing the payload data passing to and from the VMs. We were able to access this using the VMSafe Net API for ESX 4.0. We are not sure how this can be done for ESX 4.1.

Q1. Is VMSafe Net API available for ESX 4.1?

Q2. Is there any other way we can access packet data?

Thanks a lot for the prompt responses and support. Appreciate it.

Rgds,

Kiran

0 Kudos
beckham007fifa

Q2. Is there any other way we can access packet data?

Answer is no.

VMware vShield will provide header information of the data, viz. sessions and data transfer in KB etc. That means we will have only outer information, not the data and communication flowing between.

And VMsafe is not for this purpose, and I am not sure about the API available for doing this. VMware safe has features for protecting the VM in a manner which the physical machine failed to do; they are now protected from malware and other attacks through this.

I hope you get your answer; for knowing about the API you can google...

Regards, ABFS
0 Kudos
admin
Immortal

Kiran,

The official way to get your request addressed would be to contact the Alliances group at this form: http://www.vmware.com/contact/contactus.html?department=tapalliance&label=tapalliance.

I will email my contacts there and point them to this thread so they can keep a lookout for your request. Please fill this form out today and you should get a prompt response.

Regards,

Gargi

0 Kudos