Using a virtual machine as a network tap on a mac server

hoping for the virtual machine to be a 'network tap'.

configuration is an intel mac with an airport card and several usb nics. The airport card is for connectivity to the internet. the usb nics provide connectivity to the local lan. internet sharing is used on the mac to distribute internet access and the mac is also a file repository.

Internet sharing on the mac results in a dhcp serving addresses in a different class c for each nic-so one nic for example will get 192.168.2.x, the next nic gets 192.168.3.x, etc. This allows each nic to service a whole lan segment. Wireshark installed on the mac sees all interfaces and allows monitoring of traffic. I do not want to run wireshark natively on the mac. It's a production machine and messing around with the bare metal is discouraged. A virtual appliance is perceived as safer (even though it may not be, i cannot convince the responsible higher ups)

So, vmware fusion is set up on the mac to run an instance of windows xp sp3. wireshark is installed on windows.in this configuration, wireshark only sees the airport but not the usb nics. The network adapters are set up in bridged mode on vmware. Is there a tutorial that clarifies setup for the nics in fusion and the proper ip addresses they should have in windows? Should they be bridged there as well? If i use the same ip as that used on the mac, obviously i get an ip address conflict.

I was hoping for the virtual machine to be a 'network tap' but it's having trouble seeing the nics, let alone the traffic that is not even destined for it. i guess another way to solve this problem is to get the traffic to go through the xp instance. XP would need a dhcp server running. This dhcp server would service the nics. i tried tftpd but that is a little too rudimentary- it does not see the virtual interfaces. i'll keep looking but need some enlightenment.

please be gentle.