How do we do that? Well, we face a couple of problems here: Let’s say we want to take a look at anything the Mail server sends or receives. Consider the following example (and let’s assume all physical links are gigabit links): In virtual environments things get a lot more complicated since there often is no physical spot where you can easily pick up packets from a single virtual machine. Well, you need to determine if you can afford to use a SPAN port, or if you need to go by a TAP, but that’s usually it. All you have to do is to find out which path the packets travel along and pick them up somewhere you like. With purely physical networks the chances of selecting a good spot for the capture are pretty good – unless it is a very complex network with lots of redundancy and high speeds in the backbone. Sometimes, I use more than one capture location, for example at the client and the server, at the same time. It can either be put close to the client, or to the server, or somewhere in the network path between the two nodes. Usually, the first thing I do when you try to capture packets to solve a problem I determine the best location to set up your sniffer.
And since that topic seems to become more and more popular I thought it would be a good idea to write a little how-to about it.
#CAN WIRESHARK CAPTURE PACKETS FROM ANOTHER NETWORK VMWARE HOW TO#
Since I’m also a certified VMware instructor it happened more than once that another instructor teaching the Wireshark class asked me how to do this, and sometimes even pulled me into his own class to speak about capturing virtual machines for a few minutes. Later, when I was teaching Wireshark courses at Fast Lane, the topic of capturing the traffic of virtual machines came up every once in a while when I spoke about data capturing methodology in class.
The VMware part was the biggest challenge of all, because we had to find a place where we could capture the traffic of three virtual machines running inside a DRS cluster, and we had to make sure we really didn’t miss anything coming or going to these servers. One of the most complicated analysis jobs took two weeks to plan, and involved major headaches like SSL encrypted links, a load balancer, NAT devices and a huge VMware infrastructure. I bought all the recording hardware we used, acquired network TAPs of all sorts and speeds, and did most of the planning of where to put which engine. I have always been the guy in our network analysis team responsible for the actual capture of network packets.
0 kommentar(er)
