virtualbox.org

I want to asses downloads for malicious malware by installing them on a virtual machine and then using wireshark on the host computer or in another virtual machine to monitor network traffic.

I can't seem to make it work: The packets to and from the virtual machine seem to be invisible.

Just wondering if anyone else is using virtual machines for this purpose and if they can help me get it working please

worksofcraft wrote:I want to asses downloads for malicious malware by installing them on a virtual machine and then using wireshark on the host computer or in another virtual machine to monitor network traffic.

I can't seem to make it work: The packets to and from the virtual machine seem to be invisible.

Just wondering if anyone else is using virtual machines for this purpose and if they can help me get it working please

Are you using "Bridged NIC"?

kebabbert wrote: Are you using "Bridged NIC"?

Yes. I want it to look as much as possible like a real machine plugged into a simple network hub.
The snap shot facilities of Virtualbox are essential to restore it to a known state for each test.

I found similar ideas for this on the internet but none with a solution yet

That should work if the guest is using bridged mode. I regularly use Network Monitor on the host to monitor traffic and the vms all behave normally. I can't see why wireshark would be any different.

Here is an extract from the output. Win7x64 is a virtual machine.

BillG wrote:That should work if the guest is using bridged mode. I regularly use Network Monitor on the host to monitor traffic and the vms all behave normally. I can't see why wireshark would be any different.

You are right, Microsoft Network Monitor works just fine!
It must be a wireshark problem... oh well I will start using Network Monitor then, thanks