Bug in Latest VMware Server Beta Affects Sguil VM

A bug in the latest VMware Server Beta (22874) affects my newest Sguil VM. I like to deploy the VM so that VM management interface lnc0 is bridged to /dev/vmnet0, and the sniffing interface lnc1 is bridged to /dev/vmnet2. On Linux this means that /dev/vmnet0 corresponds to eth0 and /dev/vmnet2 corresponds to eth1.

You can see in the screen capture at right that my second interface is listed as a "custom" network associated with "VMnet2".

When I tried starting my VM today, I got an error message saying VMnet2 was not available. After some searching I found the following thread discussing the same problem.


The solution is simple. Rather than accept the listing that VMware provides, replace VMnet2 with /dev/vmnet2. The screen capture at left shows this configuration.

Now the VM boots without any problem. Remember to alter permissions on /dev/vmnet2 if you want to use it for promiscuous sniffing. Change permissions when the VM is not booted.

Comments

Popular posts from this blog

Zeek in Action Videos

New Book! The Best of TaoSecurity Blog, Volume 4

MITRE ATT&CK Tactics Are Not Tactics