Date: Wed, 28 Aug 2013 06:10:05 +0000 From: "C. L. Martinez" <carlopmart@gmail.com> To: freebsd-net@freebsd.org Subject: Re: Options to monitor/sniff network traffic under a vm Message-ID: <CAEjQA5LqJXH7tYmUL=2iABZrfKJkqmkGTLarZ30hJvxe=m5UzA@mail.gmail.com> In-Reply-To: <B8F2D3FA-4359-494A-9A1B-2F046A0DA606@jnielsen.net> References: <5219ECBD.4040209@gmail.com> <B8F2D3FA-4359-494A-9A1B-2F046A0DA606@jnielsen.net>
next in thread | previous in thread | raw e-mail | index | archive | help
On Tue, Aug 27, 2013 at 10:26 PM, John Nielsen <lists@jnielsen.net> wrote: > On Aug 25, 2013, at 5:38 AM, carlopmart <carlopmart@gmail.com> wrote: > >> I need to monitor/sniff network traffic for three subnets (1 GiB nets) a= nd I need to do this using a virtual guest under an ESXi 5 host (yes, it is= a "handicap"). > > Not sure about your questions below, but doesn't ESXi 5 support port mirr= oring in the virtual switch? That seems like a better place to do most of t= he heavy lifting. You could still attach your FreeBSD instance to the monit= or port(s) for analysis. That would hopefully help at least with a) by redu= cing the number of virtual NICs needed. > Thanks John for your answer, but I can't use distributed switches in this ESXi server because is a standalone server (distributed vswitches are only available when you manage more than tow ESXi servers using clustering features and is the only option to do port mirroring. Using a standalone server you can enable promisc in a vswitch and use an external tap to see all traffic, but that's not the problem actually: I can see all traffic in this freebsd vm). About nics: I can't reduce the number of virtual NICs. I need to use six to monitor six different subnets ... And here is the problem with IRQs.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?CAEjQA5LqJXH7tYmUL=2iABZrfKJkqmkGTLarZ30hJvxe=m5UzA>