Sniffing HOST traffic from guest.

This is for discussing general topics about how to use VirtualBox.

Sniffing HOST traffic from guest.

Postby JamesNorris » 6. Jul 2019, 14:45

Hi Team,

I have one use case. Can anyone help me which networking mode of the virtualbox help me execute it ?

I have one windows 64 bit host with ubuntu guest.

Now i want to intercept host traffic from guest, using wireshark. Which networking mode will support it ?

There can be two ways of achieving this,

1) If guest can see all traffic of host,
or
2) If i mirror some specific ports of host to guest.

Any help would be appreciated.
JamesNorris
 
Posts: 2
Joined: 6. Jul 2019, 14:40

Re: Sniffing HOST traffic from guest.

Postby socratis » 6. Jul 2019, 17:05

There's a combination of things that need to be done in order for this to work, it's not an easy one.

Your typical, default NAT works like this:
+-------+    +-------+
| Guest |--> | Host |--> Router -> Internet
+-------+ +-------+
Your Guest *has* to go through the Host, it doesn't work the other way round.

Your Bridged mode means that the Guest is using a Host's NIC to access the Router:
+-------+
| Host |---+-> Router -> Internet
+-------+ |
+-------+ |
| Guest |---+
+-------+

What you're looking for is to "cut" the Host-to-Router connection (red dashes in the diagram above) and establish a Host-to-Guest connection, something that's going to be running as a gateway to your Host:
+-------+
| Host | +-> Router -> Internet
+---+---+ |
| |
+---+---+ |
| Guest |---+
+-------+

That gateway from what I've seen proposed time and time again is called pfSense and it's running in your Guest. Search for "pfSense site:forums.virtualbox.org" and read the instructions in the topics that you'll find.


We should make a HowTo for this someday...
If you obfuscate any information requested, I will obfuscate my response. These are virtual UUIDs, not real ones.
Do NOT reply with the "QUOTE" button, please use the "POST REPLY", at the bottom of the form.
socratis
Site Moderator
 
Posts: 24721
Joined: 22. Oct 2010, 11:03
Location: Greece
Primary OS: Mac OS X other
VBox Version: PUEL
Guest OSses: Win(*>98), Linux*, OSX>10.5

Re: Sniffing HOST traffic from guest.

Postby JamesNorris » 7. Jul 2019, 09:37

Hi Socratis,

Thank you very much for your reply. I am going to try it today.
JamesNorris
 
Posts: 2
Joined: 6. Jul 2019, 14:40


Return to Using VirtualBox

Who is online

Users browsing this forum: No registered users and 7 guests