This might be a naive question for this community, but please pardon me. What I want to know is this: is there any existing component of a virtual network consisting of several virtual machines running on a hypervisor that can monitor (sniff) the network traffic (i.e. the traffic between the VMs' virtual network adapters and the virtual switches at the hypervisor level) of all the virtual machines?
I would like to set up a packet analysis tool at the hypervisor layer, which would use such a component (if it exists) to receive mirrored packets intended for any virtual machine on that hypervisor and do its desired processing on those mirrored packets.
Thanks in advance.
I think you posted this in the wrong section, but anyway... just use one of the sniffing tools out there and go to your vSwitch. On the vSwitch properties you have a security section where you can enable and disable promiscuous mode.
VMware Communities User Moderator | VCDX
Now available: Paper - vSphere 4.0 Quick Start Guide (via amazon.com): http://www.amazon.com/gp/product/1439263450?ie=UTF8&tag=yellowbricks-20&linkCode=as2&camp=1789&creative=9325&creativeASIN=1439263450 | PDF (via lulu.com): http://www.lulu.com/product/download/vsphere-40-quick-start-guide/6169778
Blogging: http://www.yellow-bricks.com | Twitter: http://www.twitter.com/DuncanYB
Thanks for the solution, Duncan. I wanted a packet analyzer at the virtual switch level in the hypervisor just to monitor any malicious network activity like network attacks. I am trying to find functionality similar to a firewall (not a firewall, though) at the vSwitch level, i.e. in the hypervisor, so that unwanted packets don't reach the VMs at all. Is there any such tool or feature available in VMware ESX?
Also, I apologize for the misplacement of the question.
Thanks in advance.
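Once promiscuous mode is enabled on the vSwitch or port group as Duncan describes, a monitoring VM attached to that port group receives every frame destined for the other VMs, and the analyzer described in the two posts above sits on top of that. What follows is an added illustration, not code from this thread or from VMware: it parses Ethernet/IPv4/TCP headers from mirrored frames, shows which frames a vNIC sees with and without promiscuous mode, and tallies bare SYNs per source IP and destination VM MAC so that a burst aimed at one VM can be flagged. The MAC and IP addresses, the threshold, and the frame builder are all constructed for the example; it does not capture from a real interface (that would need a raw socket or libpcap on the monitoring VM).

```python
"""Minimal analyzer for frames mirrored from a promiscuous port group.

Added example (not from the thread or from VMware). Addresses, sample
frames and the SYN threshold below are constructed for illustration.
"""
import struct
from collections import Counter

ETHERTYPE_IPV4 = 0x0800
PROTO_TCP = 6
TCP_SYN = 0x02
TCP_ACK = 0x10
BROADCAST = b"\xff" * 6


def mac_str(raw):
    return ":".join(f"{b:02x}" for b in raw)


def ip_str(raw):
    return ".".join(str(b) for b in raw)


def parse_frame(frame):
    """Parse Ethernet II + IPv4 + TCP headers; return None for anything else."""
    if len(frame) < 14:
        return None
    dst_mac, src_mac, ethertype = struct.unpack("!6s6sH", frame[:14])
    if ethertype != ETHERTYPE_IPV4:
        return None
    ip = frame[14:]
    if len(ip) < 20 or (ip[0] >> 4) != 4:
        return None
    ihl = (ip[0] & 0x0F) * 4          # IPv4 header length in bytes
    if ip[9] != PROTO_TCP or len(ip) < ihl + 14:
        return None
    tcp = ip[ihl:]
    sport, dport = struct.unpack("!HH", tcp[:4])
    return {
        "dst_mac": mac_str(dst_mac), "src_mac": mac_str(src_mac),
        "src_ip": ip_str(ip[12:16]), "dst_ip": ip_str(ip[16:20]),
        "sport": sport, "dport": dport, "flags": tcp[13],
    }


def seen_by_vnic(frame, nic_mac, promiscuous):
    """Simplified delivery rule for a vNIC on a port group: without promiscuous
    mode only frames addressed to its own MAC or to broadcast arrive (multicast
    is ignored here); with promiscuous mode every frame on the port group arrives."""
    dst_mac = frame[:6]
    return promiscuous or dst_mac == nic_mac or dst_mac == BROADCAST


def syn_counts(frames):
    """Count bare SYNs (SYN set, ACK clear) per (source IP, destination VM MAC)."""
    counts = Counter()
    for frame in frames:
        p = parse_frame(frame)
        if p and (p["flags"] & TCP_SYN) and not (p["flags"] & TCP_ACK):
            counts[(p["src_ip"], p["dst_mac"])] += 1
    return counts


def flag_bursts(counts, threshold):
    """Return the (source IP, VM MAC) pairs whose bare-SYN count meets the threshold."""
    return sorted(k for k, n in counts.items() if n >= threshold)


def build_tcp_frame(src_mac, dst_mac, src_ip, dst_ip, sport, dport, flags):
    """Construct a minimal 54-byte frame for testing; checksums are left at zero."""
    eth = struct.pack("!6s6sH", dst_mac, src_mac, ETHERTYPE_IPV4)
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, flags, 8192, 0, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0, 64,
                     PROTO_TCP, 0, bytes(src_ip), bytes(dst_ip))
    return eth + ip + tcp


# Constructed sample: a monitoring VM, a target VM (VM A) and two senders.
MONITOR_MAC = bytes.fromhex("005056000001")
VM_A_MAC = bytes.fromhex("00505600000a")
SCANNER_MAC = bytes.fromhex("005056000063")
CLIENT_MAC = bytes.fromhex("005056000005")
VM_A_IP = bytes([10, 0, 0, 10])
SCANNER_IP = bytes([10, 0, 0, 99])
CLIENT_IP = bytes([10, 0, 0, 5])

SAMPLE_FRAMES = (
    # five bare SYNs from one source at VM A's SSH port
    [build_tcp_frame(SCANNER_MAC, VM_A_MAC, SCANNER_IP, VM_A_IP, 40000 + i, 22, TCP_SYN)
     for i in range(5)]
    # one ordinary handshake: client SYN, VM A SYN-ACK
    + [build_tcp_frame(CLIENT_MAC, VM_A_MAC, CLIENT_IP, VM_A_IP, 51000, 443, TCP_SYN),
       build_tcp_frame(VM_A_MAC, CLIENT_MAC, VM_A_IP, CLIENT_IP, 443, 51000, TCP_SYN | TCP_ACK)]
)

if __name__ == "__main__":
    counts = syn_counts(SAMPLE_FRAMES)
    for src_ip, vm_mac in flag_bursts(counts, threshold=3):
        print(f"SYN burst: {src_ip} -> VM {vm_mac} ({counts[(src_ip, vm_mac)]} bare SYNs)")
```

With promiscuous mode off, `seen_by_vnic` shows that the monitoring VM's vNIC would only see broadcast frames and traffic addressed to itself, which is why the sniffer never observes the other VMs' packets until the port group policy is changed; the same function returns True for every frame once it is on. The SYN tally is deliberately simple: a real analyzer would bound the counter by time window and clear it, but the structure (parse, filter on the mirrored frame's destination, aggregate, threshold) is the same.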
This sounds like the kind of thing vShield and the VMsafe API were made for. In addition to the firewall, there are virtual appliances that will run IDS/IPS applications that sound like they'd do what you want?
Would you happen to know if VMware can support a sniffer that also needs to be able to sniff the entire network (physical network included)?
I know we can set ports to promiscuous mode at the vSwitch and port group level, but will it also receive all network packets passing the physical switch, or do we also need to set the physical switch port in promiscuous mode for that to happen? I guess the latter; do you agree?