Configure Wireshark to capture any packages between host machine, and guest (VM)

1

I'm new to this whole Wireshark thing. I have a VM running inside my local Mac via VMWare Fusion.

  • VM IP Address : 172.16.139.129
  • Mac IP Address : 10.0.0.4

I want to capture http connection between my VM and Mac. What should I set/configure to see those packages ?

Here is what I'm selecting right now as my interfaces.

enter image description here

Network Adapter

I have 2 network adapters, 1st one set to Host-Only, and 2nd one set NAT

enter image description here

Result

I don't see any packages that related to that IP at all. I've tried adding port : 1234 to my tcp port list also. Result still the same. I only see other packages.

On my Mac, on a browser when I go to : http://172.16.139.129:1234/vse/accounts , I got

enter image description here

Any hints / suggestions on this will be much appreciated !

cyber8200

Posted 2015-11-21T13:40:27.293

Reputation: 217

How does port 1234 come into it? Wireshark should capture everything. Try running ifconfig (or the Mac equivalent) on both machines to validate the IP addresses. Also, are you running Wireshark on the host or guest? – None – 2015-11-21T16:10:25.083

Answers

1

I'm guessing the NAT adapter is your default route. If so, you won't ever see the IP address of the machine since it's NAT'ed and the router (I.e. your computer) will masquerade with its own IP address. In that case, look for traffic coming from your computer's address.

Alternatively, to give the VM it's own real IP address, switch to bridged networking.

If you're still having issues, you should show what Wirrshark filters you are trying to use.

multithr3at3d

Posted 2015-11-21T13:40:27.293

Reputation: 516

Asked: 2015-11-21T13:40:27.293

Viewed: 189 times

Active: 2015-11-21T16:40:14.080