Ticket #13482 (closed defect: obsolete)

Opened 4 years ago

Last modified 3 years ago

Passive sniffing virt'd network traffic doesn't capture non-guest traffic

Reported by: ckane Owned by:
Component: network Version: VirtualBox 4.3.16
Keywords: promiscuous snort sniff bro Cc:
Guest type: all Host type: Linux


Trying to set up a virtualized network of three VMs (A, B, C). All three of them will be connected to the same virtualized network node (I have tried NAT Network, Internal Network ("so" name), Host-only network (all vboxnet0). I have tried setting all to the promiscuous mode of "Allow VMs" as well as "Allow All".

If I install Linux on VM A (Ubuntu server 12.04 LTS) and VM B (Kali Linux), I can ping them each just fine, and communicate between them. I installed Security Onion onto VM C, and set its monitor interface to be on the same virtualized network that A & B are communicating over. I can see broadcast/ARP traffic just fine using tcpdump on VM C, but I cannot capture any of the traffic between VM A and VM B.

I am expecting to be able to capture ALL traffic whether or not VM C is the destination of that traffic. I expected that setting Promiscuous mode to "Allow VMs" or "Allow All" would let me accomplish this, but that does not appear to be the case.

Change History

comment:1 Changed 3 years ago by aeichner

  • Status changed from new to closed
  • Resolution set to obsolete

Please reopen if still relevant with a recent VirtualBox release.

Note: See TracTickets for help on using tickets.
ContactPrivacy policyTerms of Use