Opened 10 years ago
Closed 8 years ago
#13482 closed defect (obsolete)
Passive sniffing virt'd network traffic doesn't capture non-guest traffic
| Reported by: | ckane | Owned by: | |
|---|---|---|---|
| Component: | network | Version: | VirtualBox 4.3.16 |
| Keywords: | promiscuous snort sniff bro | Cc: | |
| Guest type: | all | Host type: | Linux |
Description
Trying to set up a virtualized network of three VMs (A, B, C). All three of them will be connected to the same virtualized network node (I have tried NAT Network, Internal Network ("so" name), Host-only network (all vboxnet0). I have tried setting all to the promiscuous mode of "Allow VMs" as well as "Allow All".
If I install Linux on VM A (Ubuntu server 12.04 LTS) and VM B (Kali Linux), I can ping them each just fine, and communicate between them. I installed Security Onion onto VM C, and set its monitor interface to be on the same virtualized network that A & B are communicating over. I can see broadcast/ARP traffic just fine using tcpdump on VM C, but I cannot capture any of the traffic between VM A and VM B.
I am expecting to be able to capture ALL traffic whether or not VM C is the destination of that traffic. I expected that setting Promiscuous mode to "Allow VMs" or "Allow All" would let me accomplish this, but that does not appear to be the case.
Please reopen if still relevant with a recent VirtualBox release.