Options to monitor/sniff network traffic under a vm
C. L. Martinez
carlopmart at gmail.com
Wed Aug 28 06:10:08 UTC 2013
On Tue, Aug 27, 2013 at 10:26 PM, John Nielsen <lists at jnielsen.net> wrote:
> On Aug 25, 2013, at 5:38 AM, carlopmart <carlopmart at gmail.com> wrote:
>
>> I need to monitor/sniff network traffic for three subnets (1 GiB nets) and I need to do this using a virtual guest under an ESXi 5 host (yes, it is a "handicap").
>
> Not sure about your questions below, but doesn't ESXi 5 support port mirroring in the virtual switch? That seems like a better place to do most of the heavy lifting. You could still attach your FreeBSD instance to the monitor port(s) for analysis. That would hopefully help at least with a) by reducing the number of virtual NICs needed.
>
Thanks John for your answer, but I can't use distributed switches in
this ESXi server because is a standalone server (distributed vswitches
are only available when you manage more than tow ESXi servers using
clustering features and is the only option to do port mirroring. Using
a standalone server you can enable promisc in a vswitch and use an
external tap to see all traffic, but that's not the problem actually:
I can see all traffic in this freebsd vm).
About nics: I can't reduce the number of virtual NICs. I need to use
six to monitor six different subnets ... And here is the problem with
IRQs.
More information about the freebsd-net
mailing list