Shulou(Shulou.com)06/03 Report--

This article mainly explains "how to understand the vmnet between VMware virtual machines". The content in the article is simple and clear, and it is easy to learn and understand. Please follow the editor's train of thought to study and learn "how to understand the vmnet between VMware virtual machines".

Recently, there is a need to grab data packets between two virtual machines in VMware. It would be fine to open a Wireshark directly on the virtual machine, but the target software is very coquettish, and incorrect operations will be carried out after detecting services such as pcap, so packet grabbing needs to be performed on the hen.

So Wireshark is opened on the hen as usual, and the interface is on the WiFi of eth0. OK, after the software is running on the virtual machine, execute... There are no suspicious packets on the hen's Wireshark. I don't believe in evil anymore. I'll check all the interfaces and try again. There are still no suspicious packets.

What's the problem?. So I took a look at ifconfig and found these two interfaces.

Vmnet1: flags=8863 mtu 1500 ether 00:50:56:c0:00:01 inet 192.168.198.1 netmask 0xffffff00 broadcast 192.168.198.255vmnet8: flags=8863 mtu 1500 ether 00:50:56:c0:00:08 inet 172.16.145.1 netmask 0xffffff00 broadcast 172.16.145.255

These two interfaces are supposed to be virtual interfaces of VMware, but there are no interfaces on Wireshark at all. After consulting G Niang, I found this link,etung and replied that he did not know how the bottom layer of Wireshark worked, but the interface of VMware did not have the same features as BPF. This may be the reason why Wireshark doesn't work, but you can try vmnet-sniffer to help you with your work.

I use VMware Fusion under Mac, and the corresponding vmnet-sniffer is under / Applications/VMware Fusion.app/Contents/Library. You can cd to the corresponding directory or ln it directly to / usr/bin.

You can see its usage directly.

[realityone@rEimu / Applications/VMware Fusion.app/Contents/Library] $. / vmnet-snifferusage:. / vmnet-sniffer [- eP] [- w file] if-e: show ethernet header-w: output in raw format to specified file (readable by tcpdump/ethereal)

The pit I want to mention here is that I don't know exactly why. The vmnet1 and vmnet8 seen under ifconfig are not the interfaces that my virtual machine really uses, and there are no suspicious packets when I sniff these two interfaces, so what is the interface that the virtual machine really uses?

After groping, I came to the directory of the virtual machine file, and there is a .vmx file, which should be the configuration file of the virtual machine (? ), open it in an editor, scroll to the bottom, and you can see something similar to the following:

Checkpoint.vmState.readOnly = "FALSE" checkpoint.vmState = "Windows XP Professional-bf7a100f.vmss" cleanShutdown = "TRUE" ethernet0.vnet = "vmnet2" ethernet0.bsdName = "en1" ethernet0.displayName = "Wi-Fi"

We found a wild port, vmnet2, and try it right away:

[realityone@rEimu / Applications/VMware Fusion.app/Contents/Library] $sudo. / vmnet-sniffer-e-w / Desktop/vmnet2.pcap vmnet2Password: len 89 src 88:1f:a1:1a:3a:c4 dst 01:00:5e:00:00:fb IP src 192.168.1.148 dst 224.0.251 UDP src port 5353 dst port 5353len 109 src 88:1f:a1:1a:3a:c4 dst 33:33:00:00:00:fb IPv6 src fe80::8a1f:a1ff: Fe1a:3ac4 dst ff02::fb UDP src port 5353 dst port 5353len 110 src 00:0c:29:27:07:12 dst ff:ff:ff:ff:ff:ff IP src 192.168.1.136 dst 192.168.1.255 UDP src port 137 dst port 137len 175 src 88:1f:a1:1a:3a:c4 dst 01:00:5e:00:00:fb IP src 192.168.1.148 dst 224.0.0.251 UDP src port 5353 dst port 5353

Well, what we see now is what we need.

One more thing to mention is that don't forget the output file under chown $USER, because we used sudo to do it before (why use sudo, because you don't have access to those interfaces without root)

Thank you for your reading, the above is the content of "how to understand the vmnet between VMware virtual machines". After the study of this article, I believe you have a deeper understanding of how to understand the vmnet between VMware virtual machines, and the specific use needs to be verified in practice. Here is, the editor will push for you more related knowledge points of the article, welcome to follow!

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.