Sniff network traffic from PVS server to Target Device on Hyper-V host

Your ads will be inserted here by

Easy Plugin for AdSense.

Please go to the plugin admin page to
Paste your ad code OR
Suppress this ad slot.

In previous post I show how to troubleshoot Target Device (TD) boot process. But sometimes you have to check how network traffic looks between PVS server and TD looks like. To to this we can use “port mirroring” feature. It’s available on all 3 main hypervisors (VMware vSphrere, Microsoft Hyper-V and Citrix XenServer). I will show how to do this on Hyper-V host. We will also use Microsoft Network Monitor to capture network traffic. You have to install Network Monitor on a server, when you will analyze traffic.

We have 2 servers:

  • Server from which we want to sniff network traffic – source
  • Server, wher we will capture and analyze traffice – destination

Let’s begin:

1. Make sure, that both servers (source and destination) are on the same Hyper-V host

2. Go to Hyper-V Manager and connect to a host

3. Select source VM and go to Settings. Select network interface you want to sniff and chose “Advanced features”. In “port mirroring” section chose Source mode.

port_mirroring_01

Your ads will be inserted here by

Easy Plugin for AdSense.

Please go to the plugin admin page to
Paste your ad code OR
Suppress this ad slot.

4. Select destination VM and go to Settings. Select network interface to which you want to redirect traffic and chose “Advanced features”. In “port mirroring” section chose Destination mode.

port_mirroring_02
5. Login to destination server and start Network Monitor.

6. In Capture Settings select Network interface and check “P-Mode” option. It’s very important, to enable promiscuous mode. In normal operation network interface accepts only frames where destination MAC address  is the same as it’s own MAC address. When you want to sniff traffic from other host you have to accept all frames from the wire.

port_mirroring_03

7. Start tracing. In filter windows you can enter “ethernet.address == destination_MAC_address” (see on the screen) to filer traffic from your sniffed machine.

port_mirroring_04

I used this method to verify long booting TD from PVS server on Hyper-V hosts. You can read about it here.

Post author

Leave a Reply