VMWare Switch Is a Hub

While preparing materials for my new class TCP/IP Weapons School I needed to test how the virtual switch in VMware Server behaves. I started three VMs. All had lnc0 interfaces bridged to the host's physical NIC. Two VMs had IPs and assigned. The third VM had no IP assigned. When pinged, the third VM was able to see the ICMP traffic. This means the virtual switch in VMware Server appears to behave like a hub. This makes monitoring traffic easier.


Chris Buechler said…
This is true in VMware Server, GSX, and Workstation, but not in ESX. By default, no machines in ESX can enter promiscuous mode.

This post on the VMTN forums is the best description and howto I've seen on promiscuous mode and ESX.
mrchase said…
OKay in the two products that were mentioned VMWARE acts like a SWUB. An instance on /dev/vmnet1 will not be able to sniff traffic from an instance on /dev/vmnet2

Popular posts from this blog

MITRE ATT&CK Tactics Are Not Tactics

Zeek in Action Videos

New Book! The Best of TaoSecurity Blog, Volume 4