If I have two guest OS'es running, both bridged on to the en0 interface, I can't seem to view the traffic between the two guest OS'es using conventional traffic sniffers (eg. tcpdump) in the main OS, Mac OS. Broadcasts, and other things that need to go out the en0 interface, can be seen, but not the traffic that is only going between the two guests. Does the network device driver hide that traffic from the en0 interface? Is there anyway to view that traffic within the main OS or do I have to use utilities inside one of the guest OSes in order to view that traffic? -Rich
Rich, You are correct in that ethernet frames sent from VM to VM are not delivered to Mac OS X. This is consistent with most switched networks. To view network traffic inside VM you can use whatever utility is appropriate for that particular guest OS. One example is Ethereal, which is free and is available for many platforms.
Ah, yes, I wasn't aware that it was "switched" until after I posted this and then noticed that traffic between one guest OS and the main Mac OS wasn't visible by the other guest OS. I assumed that bridged on the the interface meant that all trafffic was seen by all entities attached to that interface. Thanks for the reply. -Rich
Using guest to monitor host traffic? My company makes a product that uses promiscuous mode network sniffing to monitor and report on network traffic, and I've found this to be a requirement for testing our software. This works with great with VMware but not with Virtual PC (or with Parallels it seems from my experiments). I think this would also be useful for people who want to use tcpdump, ethereal etc. to monitor traffic generated by their host, or even traffic generated by another VM. Would this be difficult for parallels to support? Maybe just add a flag to disable the "switch" behavior and make it work more like a hub? I know this would be extremely valuable for me and the difference between being able to use Parallels or having to stick with VMware. I've already pre-purchased a copy, but maybe I would buy a bundle to help fuel this feature. Thanks, -Mike
I don't believe it does work. The request was that Parallels implement such a feature. But maybe I've missed something since this thread started. -Rich
Well, then, I certainly vote for doing it. Having myself done a lot of drivers, I would think it would be "easy". Certainly Parallels is somewhat limited in a business environment without Promiscuous mode. /b
