Wireshark - VMWare : how to capture host traffic using wireshark in virtualmachine?
This is the whole point of Virtual Machines - isolation.
I can't immediately tell you if you can capture the Host network traffic from a guest (e.g: using promiscuous mode), but it would help to know if you're using VMWare Workstation or VMWare Player.
An option would be to route your PC's traffic via the VM, which should also be against the company's policy and could be easy to get wrong...
I would recommend that you either
- Just install Wireshark on the PC... you've already got VMWare and a VM, this would be arguably less of an infringement.
- Find a hub (not switch) and a spare machine to put Wireshark on. Then put the switch between your PC and the wall, and hang the "Wireshark PC" off it too - reference. Again, this should be against the company's policy.
Mike D3ViD Tyson
My passion for electronics was born in '91, when at the age of 4, I receive my first Nintendo "Nes" (Platform Game 8bit) It was love at first sight.Now days I place myself in the group of Nerd "alternatives", lovers of new technologies. To work abroad is one of my passions, i've travelled in Asia (China, Turkmenistan, Philippines, Hong Kong), South America (Paraguay), Africa and Northern Europe, where I acquired a good knowledge of English spoken and written.
Updated on September 18, 2022Comments
-
Mike D3ViD Tyson over 1 year
I am try to capture the HTTP traffic from local server to remote server, but i cannot install directly wireshark on the machine because company's policy dont permit. I am administrator so i install VMware debian VM an installed Wireshark. The issue is i cannot spot the entire traffic from/to the host, i can only capture the HTTP packet from/to my virtual machine.
How can i configure the network adapter to see all the traffic from my PC to the web?
Some specs:
Host: Windows 8 , ethernet Controller Realtek PCIe GBE Family
VM: VMware® Workstation 12 Pro Version 12.1.1 build-3770994
-
Appleoddity over 6 yearsYou have to put the network adapter or virtual switch in promiscuous mode. It’s in the VMware settings, you can find information online. I’m not familiar VMware workstation. I just know how to do in esxi.
-
Mike D3ViD Tyson over 6 yearsi found only solutions about linux host, what about windows? is it possible??
-
-
Mike D3ViD Tyson over 6 yearsThx for the answer, in the point 2 you mean a virtual hub?
-
Attie over 6 yearsNo, a physical Ethernet hub.
-
Mike D3ViD Tyson over 6 yearsI have edit the question with VMWare Specs
-
Mike D3ViD Tyson over 6 yearsand about point 1 i cannot install wireshark in the host machine because they can spot it by using spiceworks agent (installed on my machine)
-
HelpingHand over 6 yearsYou can use netsh to create a packet capture. One Google result: blogs.technet.microsoft.com/yongrhee/2012/12/01/… Also see if you can get RawCap.exe. It doesn't need to be installed and can easily sniff loopback and remote.
-
Attie over 6 yearsAny network monitoring (e.g: Wireshark) is likely to be against the company policy. If you're only worried about being found out, then that's a different question. Do you have a good reason to use Wireshark (for your job)? Have you asked IT for permission? They are usually reasonable guys!
-
Attie over 6 yearsIf you're just worried about installing Wireshark, then you can run it as a "portable" application. Which is still likely to be against the policy.
-
Mike D3ViD Tyson over 6 years@Attie portable version can be a good solution, i have already ask to the IT but they are too busy for me!