Hi there,

first of all: I dont know if i am at the right place here. If this is not the right place to ask this question than i am really sorry

My Scenario is the following:

I got one virtual DNS Server which gets queries from internal clients. I want to install an analyzing server that gets all those queries too.

I cant do it the "normal" way where i just set the virtual nic into promiscious mode and sniff all the traffic. That will not work since the analyzing server is a commercial appliance that works also as DNS Server. The developer of that software sees his products more like a replacement rather than an extension to the current dns infrastructure.

So my idea is to setup a portmirror and let the analyzing server think that all those packets are meant for it. I would set the ip and mac the same as my current dns server.

My Questions here are:

1. Is this even possible in a virtual enviroment? I know how i would do that on physical hardware, but my experience is limited with vmware.

2. When i set up a port mirror like discribed, how do i prevent that answers from the analyzing server gets back to the clients since i only want the server to analyze the traffic?

Greetings and best regards