Tuesday, 04 September 2007

Using VMware for Network Security Monitoring

While teaching last week I learned that recent versions of VMware Server (I used 1.0.2) no longer act like a hub. Doing some quick testing this morning with three VMs, I told VM 1 to ping VM 2 while VM 3 watched. I learned VM 3 cannot see VM 1 ping VM 2 when using bridged, host-only, or NAT networking. The host OS can see traffic on the bridged interface, /dev/vmnet1 (host) and /dev/vmnet8 (NAT).

This is important because it means you can't deploy a VMware-only monitoring lab. The only solution appears to be running sensor components on the host OS, watching the bridged interface, /dev/vmnet1 (host) and /dev/vmnet8 (NAT). I noticed that monitoring the physical bridged interface results in double packets, so only watching /dev/vmnet1 or /dev/vmnet8 seems like a viable solution for doing testing with VMs.

Does anyone have an opinion on this? Thank you.
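To measure the doubled packets described above in a saved capture, this added example (not part of the original post) counts frames that are byte-identical to one seen a few milliseconds earlier. It assumes a classic libpcap file and that the doubled frames are exact copies; `count_duplicates`, `build_pcap`, the sample frames and the 5 ms window are illustrative choices.

```python
import hashlib
import struct

def read_pcap(data):
    """Yield (timestamp_seconds, frame_bytes) from a classic libpcap file image."""
    endian = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}.get(data[:4])
    if endian is None:
        raise ValueError("not a classic microsecond-resolution pcap file")
    offset = 24  # size of the pcap global header
    while offset + 16 <= len(data):
        sec, usec, caplen, _origlen = struct.unpack_from(endian + "IIII", data, offset)
        offset += 16
        frame = data[offset:offset + caplen]
        if len(frame) < caplen:
            break  # truncated final record
        offset += caplen
        yield sec + usec / 1e6, frame

def count_duplicates(data, window=0.005):
    """Return (total, duplicates); a duplicate is a frame byte-identical
    to one already seen within `window` seconds (assumed threshold)."""
    last_seen = {}
    total = dups = 0
    for ts, frame in read_pcap(data):
        total += 1
        digest = hashlib.sha256(frame).digest()
        prev = last_seen.get(digest)
        if prev is not None and ts - prev <= window:
            dups += 1
        last_seen[digest] = ts
    return total, dups

def build_pcap(records):
    """Build a little-endian pcap image from (sec, usec, frame) tuples."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for sec, usec, frame in records:
        out += struct.pack("<IIII", sec, usec, len(frame), len(frame)) + frame
    return out

# Constructed sample data: two distinct frames, each captured twice 100
# microseconds apart, plus a genuine repeat of the first frame a second later.
PING = b"\x00" * 12 + b"\x08\x00" + b"echo-request"
REPLY = b"\x00" * 12 + b"\x08\x00" + b"echo-reply"
SAMPLE = build_pcap([(1, 0, PING), (1, 100, PING),
                     (1, 500, REPLY), (1, 600, REPLY),
                     (2, 0, PING)])
```

Running `count_duplicates` on a capture from the bridged interface and on one from /dev/vmnet1 or /dev/vmnet8 shows how much of the bridged capture is doubled traffic.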
