vmware (virtual machine) bridged networking details

agibby5

Senior member
Jun 23, 2004
My question deals with VMware's bridged networking and the limitations and/or benefits with regard to the host machine. I realize that virtual machines run on a separate layer; that is, they are separated from the host entirely except for the most obvious feature of virtual machines, resource sharing.

I am running a guest OS in VMware with a bridged network connection. I run a VPN client to connect to a corporate network. Finally, my question is: "does anything I do on the host OS affect (or connect to) anything I am concurrently doing on the guest OS and VPN client within?"

In other words, is what I do on the host OS Ethernet card visible to the guest OS? My reading tells me "no, they are separate". My logic says all information is traveling across the same Ethernet connection and could be visible to either the host or guest OS. This is where my confusion exists.

Thanks a bunch!
 

azev

Golden Member
Jan 27, 2001
imo, I think they are totally separate. I said this because you can have no IP address on your host NIC, but if the VM has an IP address on its virtual NIC (bridged to the host NIC) you should be able to ping the VM from a different box.
What version of VMware are you running?
 

agibby5

I'm running VMware v5.5.1 build-19175.

In my router's device list, the computer name associated with the guest OS appears as a completely separate IP address entry. For this reason, I think you are right... they are totally separate.

Does anyone else have an opinion which they wish to put forth to either support or deny?

Thanks for the rapid reply, azev! :)
 

unmerited

Member
Dec 24, 2005
My host operating system is Suse 9.3 and I have Windows 2000 pro and Suse Linux 10.1 as guest operating systems. I can access the host from either guest system via shared drives on the network. I can also access each guest from the host via the network and each guest can access the other guest. Hope this answers your question.

I must say I really like VMware Server. Very nice product.

Forgot to mention I use bridged networking on each guest.

unmerited
 

TG2

Banned
Nov 14, 2005
You are correct.
I use an XP host and run an XP guest to connect to work via VPN with no problems (XP guest is a domain computer, XP host is not).
 

ktwebb

Platinum Member
Nov 20, 1999
Is data going across the host NIC visible to a sniffer? Yes. It's a bridged network interface. Its role is to forward the packets that come from the guest virtual NIC. Now what you could do with it is questionable. So I guess you'd need to define what you're looking for to be specific, but you can sniff the traffic and get the MAC of the virtual NIC going across the bridged interface.

As far as resource availability, it's a node on the same LAN, so browsing resources would be no different than browsing another physical box on the same network.
 

agibby5

Originally posted by: ktwebb
Is data going across the host NIC visible to a sniffer? Yes. It's a bridged network interface. Its role is to forward the packets that come from the guest virtual NIC. Now what you could do with it is questionable. So I guess you'd need to define what you're looking for to be specific, but you can sniff the traffic and get the MAC of the virtual NIC going across the bridged interface.

As far as resource availability, it's a node on the same LAN, so browsing resources would be no different than browsing another physical box on the same network.

All I'm trying to figure out is if the traffic is completely separate for each host and guest. I want to separate the personal traffic from the work traffic.

Thanks for the replies!
 

ktwebb

Yes and no, I guess. Each virtual NIC, in its own VM, would be localized to it. The other VMs on the host would not see that traffic. The bridged interface on the host, however, would see traffic coming across it for each guest VM.
 

agibby5

So the host can see the traffic of the guests but the guests cannot see traffic of other guests or the traffic of the host?
 

ktwebb

"So the host can see the traffic of the guests but the guests cannot see traffic of other guests"

Correct

"or the traffic of the host"

That's a good question. My educated guess would be no, but it'd be interesting to install a port sniffer on the VM to see. Ethereal is free, or even NetMon from the tools folder on your Windows CD would accomplish this.

 

agibby5

Originally posted by: ktwebb
That's a good question. My educated guess would be no, but it'd be interesting to install a port sniffer on the VM to see. Ethereal is free, or even NetMon from the tools folder on your Windows CD would accomplish this.

OK, I installed Ethereal... now what do I do with it? How do I use it?
 

ktwebb

It's a pretty intuitive application. Not looking at a copy, so it's from memory, but there will be a drop-down menu where "capture" or equivalent will be what you're looking for. Once you have started the capture, start moving some data. I'd probably download something from the internet on the guest and the host. Unfiltered captures can get pretty big, so even something as simple as hitting a webpage or running a send/receive on your email client would be fine. Once you've stopped the capture, start looking at the packets. See what you see.
 

agibby5

Originally posted by: ktwebb
It's a pretty intuitive application. Not looking at a copy, so it's from memory, but there will be a drop-down menu where "capture" or equivalent will be what you're looking for. Once you have started the capture, start moving some data. I'd probably download something from the internet on the guest and the host. Unfiltered captures can get pretty big, so even something as simple as hitting a webpage or running a send/receive on your email client would be fine. Once you've stopped the capture, start looking at the packets. See what you see.


Ok, I think I ran the capture appropriately. I did nothing on the guest OS while the capture was running. There were 0 total captured packets when using the second device (labeled "NOC Extranet Access Adapter"). I stopped it after 25 minutes. However, the first device ("VMware Accelerated AMD PCNet Adaptor") captured many packets.

How do I interpret this?
 

ktwebb

25 seconds is too long. 25 minutes becomes almost useless, there is so much going on. Ethereal should be running on the host machine. Assuming I understand what you're trying to find out anyway. All you need to do is run a 10 second cap, then do something on the VM that is bridged to the host NIC. Once you stop the capture, see if you see the MAC of the VM machine on the host NIC cap. If you want specific details, then Ethereal help is pretty good at helping you decipher what you're looking at.
 

agibby5

Originally posted by: ktwebb
25 seconds is too long. 25 minutes becomes almost useless, there is so much going on. Ethereal should be running on the host machine. Assuming I understand what you're trying to find out anyway. All you need to do is run a 10 second cap, then do something on the VM that is bridged to the host NIC. Once you stop the capture, see if you see the MAC of the VM machine on the host NIC cap. If you want specific details, then Ethereal help is pretty good at helping you decipher what you're looking at.

To summarize again, I want to be able to determine if the guest OS can see the host OS traffic.
 

ktwebb

Just reverse it then. You already have the sniffer on the VM. Capture packets on the VM NIC and do something on the host NIC interface. Browse a share, hit a webpage. Whatever. Then just look for the host NIC MAC in the cap. Not much to it.
 

azev

The only way to separate work traffic and VM traffic is to have multiple NIC cards on the machine running VMware. That way you can assign a NIC card dedicated just for the VM.
 

agibby5

Originally posted by: ktwebb
Just reverse it then. You already have the sniffer on the VM. Capture packets on the VM NIC and do something on the host NIC interface. Browse a share, hit a webpage. Whatever. Then just look for the host NIC MAC in the cap. Not much to it.

I wasn't able to run the test, as I've been really busy and have been forgetting.


Originally posted by: azev
The only way to separate work traffic and VM traffic is to have multiple NIC cards on the machine running VMware. That way you can assign a NIC card dedicated just for the VM.

The VMware traffic IS the work traffic. I want the host traffic to be completely separate from the VMware traffic. In other words, I don't want the VMware environment to be able to detect or see any of the host traffic.
 

TG2

Not sure if this helps ya, but when I download an ISO image in the VM machine, my host NIC (in Task Manager) doesn't show the NIC being used to DL the ISO, and the same thing when I DL an ISO in the host, the VM doesn't see the file being DL'd.
 

agibby5

Originally posted by: TG2
Not sure if this helps ya, but when I download an ISO image in the VM machine, my host NIC (in Task Manager) doesn't show the NIC being used to DL the ISO, and the same thing when I DL an ISO in the host, the VM doesn't see the file being DL'd.

That's exactly what I'm looking for... I'm going to run the test as previously recommended by ktwebb.
 

ktwebb

"The VMware traffic IS the work traffic. I want the host traffic to be completely separate from the VMware traffic. In other words, I don't want the VMware environment to be able to detect or see any of the host traffic."

What he is suggesting is a solution for you then. You have two NICs. One will be bridged to the VM traffic. The other, you'd dedicate to the traffic the host uses natively. Either by static route, protocol binding, application-specific command, whatever.
 

agibby5

Originally posted by: ktwebb
It's a pretty intuitive application. Not looking at a copy, so it's from memory, but there will be a drop-down menu where "capture" or equivalent will be what you're looking for. Once you have started the capture, start moving some data. I'd probably download something from the internet on the guest and the host. Unfiltered captures can get pretty big, so even something as simple as hitting a webpage or running a send/receive on your email client would be fine. Once you've stopped the capture, start looking at the packets. See what you see.



I ran the test from the host OS that you previously recommended. I went to a website while capturing data from the VM NIC. No traffic was detected. To make sure I was doing it right, I captured data from the host OS NIC while visiting the same site and captured tons of traffic.

Thanks for the help ktwebb and others..



UPDATE: I also installed Ethereal on the guest OS. I captured data from the NIC within while browsing a site on the host OS. No traffic was detected. These results verify that the guest cannot see the host traffic, right?

Thanks again!
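
Added example, not part of any post in this thread: a Python check for the test ktwebb describes (look for the host NIC's MAC in a capture taken inside the guest), reading a capture saved in classic libpcap format. It goes one step beyond the thread by counting broadcast/multicast frames separately, since those reach every node on the LAN and do not show the guest seeing the host's unicast traffic; all MAC addresses and sample frames are constructed.

```python
import struct

def _mac(raw):
    return ":".join(f"{b:02x}" for b in raw)

def frames(pcap):
    """Yield (dst, src) MACs from a classic libpcap file with Ethernet link type."""
    magic = struct.unpack_from("<I", pcap, 0)[0]
    if magic not in (0xA1B2C3D4, 0xD4C3B2A1):
        raise ValueError("not a classic pcap file")
    end = "<" if magic == 0xA1B2C3D4 else ">"      # byte order of the writer
    if struct.unpack_from(end + "I", pcap, 20)[0] != 1:
        raise ValueError("link type is not Ethernet")
    off = 24                                        # skip the global header
    while off + 16 <= len(pcap):
        incl_len = struct.unpack_from(end + "I", pcap, off + 8)[0]
        data = pcap[off + 16: off + 16 + incl_len]
        off += 16 + incl_len
        if len(data) >= 14:                         # full Ethernet header present
            yield _mac(data[0:6]), _mac(data[6:12])

def host_exposure(pcap, host_mac, guest_mac):
    """Classify frames in a guest-side capture that carry the host's MAC."""
    host_mac, guest_mac = host_mac.lower(), guest_mac.lower()
    seen = {"broadcast_or_multicast": 0, "host_guest_unicast": 0, "leaked_unicast": 0}
    for dst, src in frames(pcap):
        if host_mac not in (dst, src):
            continue
        peer = dst if src == host_mac else src
        if int(dst[:2], 16) & 1:        # group bit: every node on the LAN gets these
            seen["broadcast_or_multicast"] += 1
        elif peer == guest_mac:         # host and guest talking to each other
            seen["host_guest_unicast"] += 1
        else:                           # host's unicast with a third party
            seen["leaked_unicast"] += 1
    return seen

# Constructed sample data: all MAC addresses and frames below are made up.
HOST, GUEST, ROUTER = "00:11:22:33:44:55", "00:0c:29:aa:bb:cc", "02:00:00:00:00:01"
BCAST = "ff:ff:ff:ff:ff:ff"
def _eth(dst, src):
    return bytes.fromhex((dst + src).replace(":", "")) + b"\x08\x00" + bytes(46)
def _pcap(frame_list):
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for f in frame_list:
        out += struct.pack("<IIII", 0, 0, len(f), len(f)) + f
    return out

ISOLATED = _pcap([_eth(BCAST, HOST), _eth(ROUTER, GUEST), _eth(GUEST, ROUTER)])
LEAKY = _pcap([_eth(BCAST, HOST), _eth(ROUTER, HOST), _eth(HOST, ROUTER)])
```

On a real capture, pass the file's bytes (`open(path, "rb").read()`) and the two MACs; a non-zero `leaked_unicast` count is the signal that the guest is seeing host traffic not addressed to it.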