Even wonder to perform sniffing in your Virtual Machine? Well, sometime we do want to monitor virtual machine and identify incoming or outgoing traffic to the VM. Without any hassle to configure switch port mirror, you can now configure one of VM and install with network protocol analyzer. All you need to do is
On the source VM which you would like to monitor incoming and outgoing traffic.
1. Without shutdown the VM, open the setting of VM
2.Go to Network Adapter | Advanced Features | On Port Mirroring, set as Source mode.
Example:- My Domain controller VM
On the target VM (Which installed with wireshark).
1. Open the VM Setting by using Hyper-V Manager snap-in
2. Go to Network Adapter | Advanced Features | On Port Mirroring, set as Destination mode.
Once complete, start the wireshark to monitor the traffic.
To test whether it is working or not, i use one of VM to perform nslookup and query “google.com”
Wireshark will capture and here is my test result:-
Managed to get this test working in my lab. Thanks to Aidan (MVP VM) who wrote about the tips on this features in his book:- Windows Server 2012 Hyper-V Installation and Configuration Guide. He highlighted about the criteria on how this feature work:-
“ Source and destination virtual network adapter must be on the same virtual switch(and therefore the same host)”
Now i know why I’ve failed during my test. (I’ve put the destination VM on different host).
If you’re interested to learn more, do check out his book as well. You can get it from Amazon.