Lead Image © alphaspirit, 123RF.com
Moving Data Between Virtual Machines
Hidden Information
The easiest virtual environment scenario is based on a single physical server that hosts multiple virtual machines (VMs), but capturing the data traffic within a single physical computer is very difficult. The packets exchanged between the virtual machines on the same server never actually leave the physical server. For this reason, a physical span port on the switch is not much use for logging the data streams.
However, developers have come up with a solution for this analysis problem: a virtual switch with an integrated span port. This setup lets administrators define a network interface controller (NIC) on the virtual switch as a target for the traffic they want to log.
You can use a vNIC running on a virtual machine on the server, or you can use a pNIC to transfer the packets to an external sniffer.
Two Approaches to Monitoring
The benefit of using a VM as your packet collector on the server is that you don't need any additional hardware. The drawback, however, is that this approach generates additional data traffic on the virtual switches and possibly requires additional storage space to keep the packets that you log on disk. Network analysis is typically a passive process. Because the sniffer runs on a physical server, the data is stored on the local hard disk, which could have consequences for the entire VM server.
Alternatively, you can log the data in non-promiscuous mode within the VM itself. To do so, you need to create a capture filter on the virtual machine in which you will be logging the packets. Thanks to tcpdump, sniffing on the Linux-based virtual machine is fairly simple. It makes sense to use the -w option, which tells the software to write the packets it logs to a pcap file. You can then open the file with any network analysis tool and quickly and easily evaluate the results.
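To show what ends up in such a file, here is an added example (not part of the original article) that reads the classic pcap layout and totals captured bytes per IPv4 source/destination pair. It assumes an Ethernet capture in classic pcap format rather than pcapng; the function names and the sample capture between two hypothetical VMs (10.0.0.1 and 10.0.0.2) are constructed for illustration.

```python
import struct
from collections import Counter

PCAP_MAGIC_USEC = 0xA1B2C3D4  # classic pcap, microsecond timestamps

def read_pcap(data):
    """Yield (timestamp, frame_bytes) from a classic pcap byte string."""
    if len(data) < 24:
        raise ValueError("truncated pcap global header")
    for endian in ("<", ">"):  # the magic also reveals the writer's byte order
        if struct.unpack(endian + "I", data[:4])[0] == PCAP_MAGIC_USEC:
            break
    else:
        raise ValueError("not a classic pcap file")
    if struct.unpack(endian + "I", data[20:24])[0] != 1:
        raise ValueError("only Ethernet (linktype 1) is handled here")
    off = 24
    while off + 16 <= len(data):
        sec, usec, incl, _orig = struct.unpack(endian + "IIII", data[off:off + 16])
        off += 16
        if off + incl > len(data):  # record cut off mid-write (e.g. disk full)
            break
        yield sec + usec / 1e6, data[off:off + incl]
        off += incl

def ipv4_conversations(data):
    """Count captured bytes per (src, dst) IPv4 pair."""
    totals = Counter()
    for _ts, frame in read_pcap(data):
        if len(frame) < 34 or frame[12:14] != b"\x08\x00":
            continue  # too short, or EtherType is not IPv4
        src = ".".join(map(str, frame[26:30]))
        dst = ".".join(map(str, frame[30:34]))
        totals[(src, dst)] += len(frame)
    return totals

def _frame(src, dst, payload):
    """Constructed sample: Ethernet + minimal IPv4 header, checksum left at 0."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64, 6, 0,
                     bytes(src), bytes(dst))
    return b"\x02" * 6 + b"\x04" * 6 + b"\x08\x00" + ip + payload

def sample_pcap():
    """Constructed two-packet capture between two hypothetical VMs."""
    out = struct.pack("<IHHiIII", PCAP_MAGIC_USEC, 2, 4, 0, 0, 65535, 1)
    vm1, vm2 = (10, 0, 0, 1), (10, 0, 0, 2)
    for i, f in enumerate([_frame(vm1, vm2, b"x" * 10), _frame(vm2, vm1, b"y" * 30)]):
        out += struct.pack("<IIII", 1000 + i, 0, len(f), len(f)) + f
    return out
```

To use it on a real capture, pass the file's bytes to ipv4_conversations(), for example open(path, "rb").read().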
In practical applications, you will probably also ...