Promiscuous Mode on Linux VMware Server Beta

I've been writing about deploying VMware Server Beta on Debian. Today I tried my Sguil VM and found I could not sniff all traffic on lnc1. I could only see broadcast traffic (ARP, DHCP, etc.). That indicated lnc1 was not seeing the physical interface in promiscuous mode.

I have the lnc1 interface corresponding to /dev/vmnet2, which is bridged to eth1 on the Linux host. After checking to be sure eth1 was up and could see all traffic as I expected, I couldn't think of a reason why lnc1 wouldn't see the same. I did not have this problem on Windows when I wrote about it.

Luckily I found this GSX document which said:

GSX Server does not allow the virtual Ethernet adapter to go into promiscuous mode unless the user running GSX Server has permission to make that setting. This follows the standard Linux practice that only root can put a network interface into promiscuous mode.

Well, I have the VMware Server components running as root.

If you want all users to be able to set the virtual Ethernet adapter (/dev/vmnet0 in our example) to promiscuous mode, you can simply run the following command on the host operating system as root.

chmod a+rw /dev/vmnet0

That sounded promising. I looked at my /dev/vmnet* first:

donato:/dev# ls -al vmnet*
crw------- 1 root root 119, 0 Mar 23 08:21 vmnet0
crw------- 1 root root 119, 1 Mar 23 08:21 vmnet1
crw------- 1 root root 119, 2 Mar 23 08:22 vmnet2
crw------- 1 root root 119, 3 Mar 23 08:21 vmnet3
crw------- 1 root root 119, 4 Mar 23 08:21 vmnet4
crw------- 1 root root 119, 5 Mar 23 08:21 vmnet5
crw------- 1 root root 119, 6 Mar 23 08:21 vmnet6
crw------- 1 root root 119, 7 Mar 23 08:21 vmnet7
crw------- 1 root root 119, 8 Mar 23 08:21 vmnet8
crw------- 1 root root 119, 9 Mar 23 08:21 vmnet9

Following the article's advice:

donato:/dev# chmod a+rw /dev/vmnet2
donato:/dev# ls -al vmnet*
crw------- 1 root root 119, 0 Mar 23 08:21 vmnet0
crw------- 1 root root 119, 1 Mar 23 08:21 vmnet1
crw-rw-rw- 1 root root 119, 2 Mar 23 08:22 vmnet2
crw------- 1 root root 119, 3 Mar 23 08:21 vmnet3
crw------- 1 root root 119, 4 Mar 23 08:21 vmnet4
crw------- 1 root root 119, 5 Mar 23 08:21 vmnet5
crw------- 1 root root 119, 6 Mar 23 08:21 vmnet6
crw------- 1 root root 119, 7 Mar 23 08:21 vmnet7
crw------- 1 root root 119, 8 Mar 23 08:21 vmnet8
crw------- 1 root root 119, 9 Mar 23 08:21 vmnet9

Success. Now I can sniff all traffic in promiscuous mode on lnc1.

Comments

Anonymous said…
This comment has been removed by a blog administrator.

Popular posts from this blog

Zeek in Action Videos

New Book! The Best of TaoSecurity Blog, Volume 4

MITRE ATT&CK Tactics Are Not Tactics