VMWare and Promiscuous mode.

AhriakinAhriakin SupremeNetworkOverlordMember Posts: 1,800 ■■■■■■■■□□
Hi Guys,

I'm a bit of a VMWare n00b so apologies, I just use player and server at a basic level. JD recently recommended a software Virtual Appliance that integrates Snort and a few other tools that require sniffing capabilities. I don't have a lot of time at the moment to check this fully but from this post, http://communities.vmware.com/message/371562, it would seem this is only possible on ESX and not the free edition? Can anyone quickly confirm?

Thanks.
We responded to the Year 2000 issue with "Y2K" solutions...isn't this the kind of thinking that got us into trouble in the first place?

Comments

  • astorrsastorrs Member Posts: 3,139 ■■■■■■□□□□
    Promiscuous mode is available on VMware Server (the free one) as well. Have a look at the documentation here: http://www.vmware.com/pdf/server_admin_manual.pdf
  • AhriakinAhriakin SupremeNetworkOverlord Member Posts: 1,800 ■■■■■■■■□□
    Cheers, will have a look through when I get more time.
    We responded to the Year 2000 issue with "Y2K" solutions...isn't this the kind of thinking that got us into trouble in the first place?
  • JDMurrayJDMurray Certification Invigilator Surf City, USAAdmin Posts: 11,523 Admin
    Promiscuous mode of the VMWare virtual network adapter? Wireshark works for me in both VMWare Server (Free) and ESX.

    And that VMOSSIM link I posted is to a virtualized OSSIM release (0.9.9rc2) is obsolete. Just download the latest OSSIM 1.x.x release with the AlienVault installer and install it on a new VMWare image yourself.
  • SieSie Member Posts: 1,195
    JD et all,

    Has anyone found a Virtulisation platform that allows the utilisation of the Physical Wifi Card rather than Ethernet??

    (Wifi is emulated as Ethernet on each I have tried...)
    Foolproof systems don't take into account the ingenuity of fools
  • astorrsastorrs Member Posts: 3,139 ■■■■■■□□□□
    Sie, you should be able to do this in any hosted hypervisor (MS Virtual Server/Virtual PC, VMware Server/Workstation).

    Neither ESX, Xen, Virtual Iron, or HyperV will support it though because they won't have drivers for it in their kernels.

    Can anyone speak to KVM?
  • SieSie Member Posts: 1,195
    Sorry what I meant has anyone managed to get a PCI/PCI-E/PCMCIA/MINI-PCI/MINI-PCIe/EXPRESS CARD Wireless card to work correctly with monitor/promiscuous mode via VMware or Virtual PC.

    They dont seem to be supported too well, true I have ony setup one machine on VMware and havent had much time to play around with it but just wonderd if anyone had got this to work.

    USB Wireless devices seem to have a better response.....
    Foolproof systems don't take into account the ingenuity of fools
  • astorrsastorrs Member Posts: 3,139 ■■■■■■□□□□
    I know the old ORINOCO Gold and Cisco Aironet PCMCIA cards (I will not refer to them as CardBus - I'm stubborn) supported it and I have used both in the past.

    Other than those its up to the chipset and driver, or there is always AirPcap, but those are probably a bit fancier than you were looking for (and more expensive).
  • SieSie Member Posts: 1,195
    I dont think its down to the chipset to be honest I think its the Virtulisation Software.

    The reason I come to this conclusion is I have run BT3 on one laptop no problems 'out of the box' from a Live USB, however when installed within a VM it fails to even detect it is a wireless card and only detects a standard (non-wireless) NIC.

    Will have to get some time to test it and see.

    Thanks for your replies! :D
    Foolproof systems don't take into account the ingenuity of fools
  • astorrsastorrs Member Posts: 3,139 ■■■■■■□□□□
    Yes the virtualization layer will abstract the network resource from the VM, there is nothing you can do about that (it will always appear as a wired NIC), but you should still be able to sniff all the traffic flowing through it if you set both the host and VM cards to promiscuous mode.
  • larkspurlarkspur Member Posts: 235
    ok so you can use sniffer on VM so that means you are spanning the swicthport as well?
    just trying to keep it all in perspective!
  • astorrsastorrs Member Posts: 3,139 ■■■■■■□□□□
    assuming you set the vSwitch to promiscuous mode for the port group, yes.
Sign In or Register to comment.