Wireshark-users: Re: [Wireshark-users] wireshark and virtual ethernet adapters by parallels

From: Matthias Steinböck <grillen@xxxxxxxxxxxxxx>
Date: Thu, 10 Sep 2009 22:24:06 +0200
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

hey!

thanks for the quick answer and sorry that i come up with one so late!

en2 is the virtual interface on the host system. unfortunately wireshark does not detect any traffic. in my case i try to capture packages sent by a flash application to where flash runs on the host (mac) and apache on a ubuntu guest machine.

the host (mac os x en2) interface has the ip 10.211.55.2
the client (ubuntu eth0) interface has the ip 10.211.55.4

a trace from mac to ubuntu has only one hop:

xxxx:~ xx$ traceroute 10.211.55.4
traceroute to 10.211.55.4 (10.211.55.4), 64 hops max, 40 byte packets
 1  localghost (10.211.55.4)  0.684 ms  0.381 ms  0.302 ms

the other way round:

xxx@xxx:/..../$ tracepath 10.211.55.2
1:  10.211.55.4 (10.211.55.4)               0.330ms pmtu 1500
1:  10.211.55.2 (10.211.55.2)               0.558ms reached
1:  10.211.55.2 (10.211.55.2)               0.558ms reached
    Resume: pmtu 1500 hops 1 back 64

i don't know how to capture packages between these two interfaces...

is wireshark the wrong tool for this problem?

thanks again!


- --
Matthias Steinböck

GPG/PGP: BCEA 960C 5269 559D 4EA8  943C 187D A0F3 3D32 9D69
wwwkeys.at.pgp.net

Am 09.09.2009 um 16:07 schrieb Zhenyu Zhao:

The packets between the two systems don't go through the physical interface. You could try to run sniffers on the guest system first. Alternatively you could try to run sniffers against the virtual interface on the host system.

Zhen

On Wed, 9 Sep 2009, Matthias Steinböck wrote:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

hi all!

does anybody has allready tried to capture packages sent between mac
os x and a guest system running under parallels?

parallels creates an interface:

en2: flags=8963<UP,BROADCAST,SMART,RUNNING,PROMISC,SIMPLEX,MULTICAST>
mtu 1500
	inet6 fe80::21c:42ff:fe00:8%en2 prefixlen 64 scopeid 0x7
	inet 10.211.55.2 netmask 0xffffff00 broadcast 10.211.55.255
	ether 00:1c:42:00:00:08
	media: autoselect status: active
	supported media: autoselect

and the guest system has the ip-address 10.211.55.4

so i thought i should be able to capture packages sent between the
systems by capturing en2 but wireshark doesn't see any packages.
does anybody has an idea how i could capture them (parallels runs
under mac os x)?

thanks in advance
- --
Matthias Steinböck

GPG/PGP: BCEA 960C 5269 559D 4EA8  943C 187D A0F3 3D32 9D69
wwwkeys.at.pgp.net

-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.12 (Darwin)

iD8DBQFKp0fXGH2g8z0ynWkRAnUGAKCMo7OAwb0B9+OBJlnrnufo6bZ4QQCgiT6m
iM8v1gjYRLxl39wgzChvQzc=
=xmC4
-----END PGP SIGNATURE-----

___________________________________________________________________________
Sent via: Wireshark-users mailing list <wireshark-users@xxxxxxxxxxxxx >
Archives:    http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
           mailto:wireshark-users-request@xxxxxxxxxxxxx?subject=unsubscribe


-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.12 (Darwin)

iD8DBQFKqWBqGH2g8z0ynWkRAjEoAJ0drg0xxHEwuEY67KeFfIg5UTftagCaAx+u
BtZVQssGok/GbO9XAgZmsVM=
=L5oL
-----END PGP SIGNATURE-----