Nov 2, 2011

Is it possible to mirror port to capture packets between VM host and VM?


I have 2 physical machines, A and B. A runs VMWare Workstation with a virtual machine C. C is using Bridged network interface.

A and B are both connected via ethernet to a switch. B has two NIC’s. If I used port mirroring on A’s connection to the switch, and then put that into B, would I be able to capture traffic between A and C? Does that traffic go to the switch, or does it get short circuited somehow?

Thanks in advance!


VMware Workstation network traffic does indeed short-circuit inside of the host machine. Traffic from VMs on that machine to the host itself will never hit that Ethernet switch. It’s a kind of virtual switch inside the Host, so traffic that can be handled locally will be handled locally; no need to forward it to the switch in the closet.

In order to capture that traffic, the capture has to be performed on the host itself. I do this frequently when checking on things like startup-traffic for a VM.

