I have a test environment setup with 4 VirtualBox guests running CentOS 6. Each has one network device attached to a bridged adapter, which is my primary network connection on my PC, with a static IP address (ranging from 192.168.2.95-98) accessible by any device on my network.
Sometimes I need to be able to analyze packets for one reason or another. At first, I just SSH'ed into my router and used tcpdump to capture all packets from the guests. Well, it's not working as planned…
The only packets that show up using tcpdump is traffic between 98 and other devices on my network besides guests. 98 is the only guest that communicates to other devices on my network (besides SSH traffic); the rest communicate with other guests.
I started out filtering tcpdump by host for each of the guest IP addresses. I ended up stripping it all the way down to dumping everything. Since all the packets go through the network adapter on my PC, I captured all the packets for that card with still no success!
VirtualBox mangles, injects, and removes packets on the adapter when using bridged networking. If the packet is to go to another guest, does VirtualBox keep the packet and forward it on to the appropriate guest? If so, how can I capture those packets?
Best Answer
When you use VirtualBox's bridged networking mode the VirtualBox acts like a virtual switch between your host computer's physical interface and the virtual network. The packets traveling between computers on the virtual network never get to a point in the host networking stack where tcpdump can pick them up, so you can't see that traffic from the host.
You could try to use VirtualBox's built in network tracing feature. This is a debugging tool, but it generates pcap files and is built in an easy to setup. To enable network tracing you can use the
VBoxManagecommand line with the--nictrace*options: