wireshark cannot capture VM traffic

3

2

Here is my setup:

  • A windows 7 laptop running as a host running VirtualBox
  • Inside Virtualbox, I have a debian VM.
  • The eth0 of the VM is created as a bridged device from the physical ethernet port on the laptop
  • On Windows, I run wireshark and sniff the ethernet device.

When I try to a host in the wild internet from the VM, it works but I can't capture any packets. But if I ping the laptop's IP address, wireshark sees the icmp traffic without problem.

Why is that?

lang2

Posted 2014-01-07T13:24:20.400

Reputation: 1 830

Answers

5

You're using a bridged adapter which Wireshark cannot see. Basically, the bridging completely bypasses your laptop OS's network stack, so to your laptop this information isn't even being displayed.

If you wanted to capture data, you'd need to use NAT mode and port forward the ports for your guest. See this for detailed information.

Nathan C

Posted 2014-01-07T13:24:20.400

Reputation: 2 522

thanks but I can't really understand this. This is not a hardware bridge. The packets still has to physically go out from the same wire, meaning the OS has to handle it. No? – lang2 – 2014-01-07T13:36:05.670

1@lang2 Nope. It bypasses the Windows network stack and directly talks to the hardware. Wireshark listens at the OS level, not hardware. – Nathan C – 2014-01-07T13:36:54.960

Asked: 2014-01-07T13:24:20.400

Viewed: 11 188 times

Active: 2014-01-07T13:31:04.360