Date: Wed, 28 Aug 2013 06:10:05 +0000
From: "C. L. Martinez" <carlopmart@gmail.com>
To: freebsd-net@freebsd.org
Subject: Re: Options to monitor/sniff network traffic under a vm
Message-ID: <CAEjQA5LqJXH7tYmUL=2iABZrfKJkqmkGTLarZ30hJvxe=m5UzA@mail.gmail.com>
In-Reply-To: <B8F2D3FA-4359-494A-9A1B-2F046A0DA606@jnielsen.net>
References: <5219ECBD.4040209@gmail.com> <B8F2D3FA-4359-494A-9A1B-2F046A0DA606@jnielsen.net>

On Tue, Aug 27, 2013 at 10:26 PM, John Nielsen <lists@jnielsen.net> wrote:
> On Aug 25, 2013, at 5:38 AM, carlopmart <carlopmart@gmail.com> wrote:
>
>> I need to monitor/sniff network traffic for three subnets (1 GiB nets) and I need to do this using a virtual guest under an ESXi 5 host (yes, it is a "handicap").
>
> Not sure about your questions below, but doesn't ESXi 5 support port mirroring in the virtual switch? That seems like a better place to do most of the heavy lifting. You could still attach your FreeBSD instance to the monitor port(s) for analysis. That would hopefully help at least with a) by reducing the number of virtual NICs needed.
>

Thanks John for your answer, but I can't use distributed switches in this ESXi server because it is a standalone server (distributed vswitches are only available when you manage more than two ESXi servers using clustering features and are the only option to do port mirroring. Using a standalone server you can enable promisc in a vswitch and use an external tap to see all traffic, but that's not the problem actually: I can see all traffic in this FreeBSD VM).

About NICs: I can't reduce the number of virtual NICs. I need to use six to monitor six different subnets ... And here is the problem with IRQs.
