Wireshark cannot see traffic from a VirtualBox guest on Windows 7

8

1

I have been trying to use Wireshark to capture some traffic that comes from a virtual machine.

The setup is:

  • Windows 7 host
  • Ubuntu guest
  • VirtualBox 4

I send some packets from the guest to the host or another IP in the host LAN. The packets get there, but Wireshark cannot see them.

I have run Wireshark on both the guest and the host. Curiously, if I send the packet to another computer, the packets are captured without problem in the second machine. I don't understand how I cannot capture the packets in the machine that is sending them.

How should I set up VirtualBox, Windows 7 or Wireshark in order to capture the packets sent by the guest machine?

santiagozky

Posted 2011-06-17T15:55:24.440

Reputation: 184

You can try if the following works out for you: Wireshark under virtualbox broken after version 4

– slhck – 2011-06-17T16:03:41.730

@slhck that is for running Wireshark in the guest, he wants to know why it is not capturing on the host. – Scott Chamberlain – 2011-06-17T21:52:24.323

Answers

4

When the guest OS is set up, a network interface is assigned to it.
Is Wireshark listening on that interface?
In Linux, there is an option to use the "any" interface, which listens on all possible network interfaces, but I don't know if such an option exists on Windows.

Here it is explained that Wireshark on Windows has difficulties listening on the loopback interface, the interface used when a machine sends messages to itself.

bbaja42

Posted 2011-06-17T15:55:24.440

Reputation: 2 815

The link explaining the loopback problem in Windows was very helpful. – santiagozky – 2011-06-18T15:42:40.310

1

Configure the Attached to: combo box to Bridged Adapter and set the Promiscuous Mode: combo box to Allow All.

Having done this I'm now seeing all traffic going to/from the guest OS.

MichaelShimniok

Posted 2011-06-17T15:55:24.440

Reputation: 11
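
The two settings from the answer above can also be applied with VirtualBox's `VBoxManage` command-line tool; this is an added example, not part of the original answer. It assumes the guest uses network adapter 1 and that VirtualBox is in its default install path, and the VM name and host adapter name are placeholders to replace with your own.

```powershell
# Added example. $VmName and $HostNic are placeholders, not values from the thread.
$VBoxManage = Join-Path $env:ProgramFiles 'Oracle\VirtualBox\VBoxManage.exe'  # assumed default install path
$VmName     = 'ubuntu-guest'                  # hypothetical VM name
$HostNic    = 'PLACEHOLDER host adapter name' # must equal one of the names listed below

# Collect the host adapter names VirtualBox accepts for bridging.
$bridgeable = & $VBoxManage list bridgedifs | ForEach-Object {
    if ($_ -match '^Name:\s+(.+)$') { $Matches[1].Trim() }
}
if ($bridgeable -notcontains $HostNic) {
    throw "Set `$HostNic to one of: $($bridgeable -join '; ')"
}

# modifyvm only changes settings of a VM that is not running.
$info = & $VBoxManage showvminfo $VmName --machinereadable
if ($info -notcontains 'VMState="poweroff"') {
    throw "Shut down '$VmName' before changing its network settings."
}

# Adapter 1: "Attached to: Bridged Adapter", "Promiscuous Mode: Allow All".
& $VBoxManage modifyvm $VmName --nic1 bridged --bridgeadapter1 $HostNic --nicpromisc1 allow-all
if ($LASTEXITCODE -ne 0) { throw "VBoxManage modifyvm failed with exit code $LASTEXITCODE" }

# Show the resulting attachment so the change can be confirmed before capturing.
& $VBoxManage showvminfo $VmName --machinereadable | Select-String '^(nic1|bridgeadapter1)='
```

After the guest is started again, capture in Wireshark on the host adapter named in `$HostNic`.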

0

In my experience Wireshark only sees the host's really external network interfaces. For example, if you use a web browser to look at a web page served by a web-server on the same PC (http://localhost), you can't use Wireshark to look at this traffic.

Similarly, the delivery of data by the VM to the host is local and not directed through a physical NIC. Presumably this provides no structure in the host operating system that looks like a "network interface" to Wireshark.

RedGrittyBrick

Posted 2011-06-17T15:55:24.440

Reputation: 70 632

As explained here (http://wiki.wireshark.org/CaptureSetup/Loopback), Windows does have a problem listening on the loopback interface (the one used when browsing localhost), but when Wireshark is used on Linux, there are no such limitations

– bbaja42 – 2011-06-18T18:17:07.950

0

I have an idea to solve your issue, too late but I hope it helps somebody else :)

Create a Host-Only Adapter and bridge it with your LAN adapter. Run Wireshark on the LAN adapter; it will do the work.

Aji Abraham

Posted 2011-06-17T15:55:24.440

Reputation: 1