Using a Network Packet Analyzer on a VMware vSphere Virtual Network
Why you need Promiscuous ModeNetwork switches use a forwarding table (CAM table on a Cisco switch) to track what Ethernet devices are on what Ethernet port, and only send traffic destined for those devices out that port. By default, protocol analyzers will only see traffic sent from or to the computer they are running on. Very likely, that isn't going to help you to troubleshoot the network, so the common procedure is to perform "port mirroring" or configure "port spanning" (SPAN or RSPAN). This copies all traffic going to or from a particular port (or group of ports or list of VLANs) to a destination port. Then, you would analyze that port with your protocol analyzer.
Promiscuous Mode on the Virtual NetworkBut what happens when the network is virtual? Don't worry, this same process can also be performed on a virtual switch, allowing you to see all traffic traversing a virtual switch or vDS. What you would do is to run a protocol analyzer like Wireshark (free edition) inside a virtual machine and then configure the port group where the VM is connected to be in promiscuous mode, like this:
Reasons to Analyze the Virtual NetworkWhy would you want to analyze the virtual network? Really, the reasons to analyze the virtual network are typically the same reasons you would analyze the physical network. Here are some reasons I have analyzed the virtual network in the past:
- Identify the VM that is over utilizing network bandwidth, causing slowdowns on the virtual (or physical) network
- Find PCs that are infected with worms or viruses
- Troubleshoot malfunctioning network services (DHCP or DNS maybe) or network applications
- Prove that the network is NOT the cause of a problem
- Sniff the network for malicious or unwanted traffic
- and much more...