I have 2 physical machines, A and B. A runs VMWare Workstation with a virtual machine C. C is using Bridged network interface.
A and B are both connected via ethernet to a switch. B has two NIC’s. If I used port mirroring on A’s connection to the switch, and then put that into B, would I be able to capture traffic between A and C? Does that traffic go to the switch, or does it get short circuited somehow?
Thanks in advance!
VMware Workstation network traffic does indeed short-circuit inside of the host machine. Traffic from VMs on that machine to the host itself will never hit that Ethernet switch. It’s a kind of virtual switch inside the Host, so traffic that can be handled locally will be handled locally; no need to forward it to the switch in the closet.
In order to capture that traffic, the capture has to be performed on the host itself. I do this frequently when checking on things like startup-traffic for a VM.
- How to capture Wireshark packets when using a switched network in Windows
- How to capture packets of VPN
- Is there a way to get wireshark to capture packets sent from/to localhost on Windows?
- tcpdump How do I use it to capture all traffic headers
- pfSense: Possible to traffic capture the actual WAN port?