Reputation: 23
Security Onion monitor interface in vmware
I am following the security onion docs and am using vmware. I created the 2nd network adapter and set it to bridged for the monitor interface, ran the setup, selected evaluation mode, and setup the network interfaces.
My monitor interface does not see any traffic, I used wireshark to to test both interfaces and the management interface sees the traffic but the monitor interface does not. Has anyone else come across this issue?
Upvotes: 1
Views: 704
Answers (1)
Reputation: 13
Would be useful if you'll provide your Host OS, and versions of OS, VMWare and Security Onion- to be clear from the start and helpful for any future requests.
Out of assumption that you are using MAC-I may say it may be a known issue, see: https://docs.vmware.com/en/VMware-Fusion/12/rn/VMware-Fusion-12-Release-Notes.html#knownissues
-here is short excerpt from it:
"Users are unable to capture transfer packets in the same subnet of a virtual network inside a virtual machine.
Virtual machine's virtual interface doesn't report packet exchanges between other virtual machines in the same subnet on Big Sur hosts.
Workaround: Use the virtual interface on the host to capture traffic information in the subnet. For example, use the interface bridge100 on macOS host to capture the traffic in the subnet"
It was reported as a known issue in Fusion 12.0, but it isn't listed in the Resolved Issues for 12.1, so it so safe to assume that it is known pending issue by now.
Upvotes: 1
Related Questions
- sniffing packets from different VM's in Oracle VM VirtualBox
- Get network usage from vmware.vim.vimclient
- how to use VxWorks etherOutputHookAdd
- Virtual machine and kernel communication using netlink
- Packet sniffer in C for all VM
- Capture live network traffic from a virtual machine using python
- Communication with a VMWare guest system without network
- Capturing Vagrant Network Traffic
- Capturing host IP in VMWare
- VMWare - network applications