Sniffing/tracing network traffic with shared networking

Discussion in 'Installation and Configuration of Parallels Desktop' started by mpdude, Jun 12, 2008.

  1. mpdude

    mpdude Junior Member

    Messages:
    11
    Dear all,

    I need to trace network traffic in shared networking mode between my guest OS and Mac OS. IIRC this has always been working in the past, for example by running a "sudo tcpdump -i en3" in the Mac OS terminal where en3 is the shared networking interface.

    With the more recent Parallels builds, as soon as Parallels is started no more traffic can be observed on en3. When Parallels terminates, traffic shows up again.

    Are there any changes in the newer builds that explain that?

    -mp.
     
  2. John@Parallels

    John@Parallels Forum Maven

    Messages:
    6,333
    Are you using the 5600 build? If yes, please install 5608.
    No, there is no change; I can see traffic.
    Maybe you can try the network monitor from the Windows XP side and check what it shows?
     
  3. mpdude

    mpdude Junior Member

    Messages:
    11
    I tried both builds with no success.

    Using Wireshark I can see the packets from Windows. Unfortunately I need to use a tool under Mac OS :-(.

    Here's what I tried:

    - Open two terminal sessions under Mac OS.
    - In one terminal, run "sudo tcpdump -i en3"; adjust en3 to be the shared networking interface in Mac OS.
    - In the other terminal, run "ping 10.211.55.5"; adjust that to be the IP address of the Windows guest OS.
    - Observe echo requests in tcpdump.
    - Start Parallels and the virtual machine. tcpdump only shows NBT broadcasts from time to time.
    - Stop/Quit Parallels. The echo requests appear again.

    Does it make any difference if I have additional network cards configured in the virtual machine (for bridged networking, for example)?
     
  4. John@Parallels

    John@Parallels Forum Maven

    Messages:
    6,333
    First try ipconfig in Windows, then ping that IP from the Mac.
     
  5. mpdude

    mpdude Junior Member

    Messages:
    11
    It makes no difference - whether I ping the Mac or Windows interface in the shared network, tcpdump does not see the ICMP traffic.

    The only thing tcpdump saw when pinging the Windows IP from Mac was

    11:22:52.147961 arp who-has 10.211.55.5 tell 10.211.55.3

    i.e. the ARP lookup sent by Windows to find the Mac interface. (That is a layer 2 broadcast, and as stated above, layer 3 NBT broadcasts can be seen as well...)
     
  6. John@Parallels

    John@Parallels Forum Maven

    Messages:
    6,333
    By default Windows XP blocks ICMP traffic; please make sure that you have allowed ICMP traffic in the Windows XP Firewall.
     
  7. mpdude

    mpdude Junior Member

    Messages:
    11
    Windows firewall is disabled, but even if it blocks the ICMP traffic, you should see the ICMP echo requests sent from Mac OS.

    Anyway, using ICMP (ping) was just an example. For example, try requesting a web page from the guest OS from a webserver running in the host OS on the shared network - you don't see that traffic either.
     
  8. John@Parallels

    John@Parallels Forum Maven

    Messages:
    6,333
    The problem is that I can see the dump in real time.

    Antivirus on Windows XP or Mac?
     
  9. mpdude

    mpdude Junior Member

    Messages:
    11
    No, nothing... :-( Thanks for working on it!

    I have tried different Parallels installations (we have several Macs here) with different virtual machines and none of them seems to work.

    Might the virtual machine setup (one or more virtual network interfaces, shared/host-only/bridged mode) be of any importance?

    Thanks!
     
  10. mpdude

    mpdude Junior Member

    Messages:
    11
    Just found another thread that describes the same problems/symptoms.
     
  11. John@Parallels

    John@Parallels Forum Maven

    Messages:
    6,333
    The link points to itself :)
     
  12. John@Parallels

    John@Parallels Forum Maven

    Messages:
    6,333
    We are checking it now
     
  13. krazzer

    krazzer Junior Member

    Messages:
    11
  14. mpdude

    mpdude Junior Member

    Messages:
    11
  15. John@Parallels

    John@Parallels Forum Maven

    Messages:
    6,333
    Thank you, we are investigating this problem now.
     
  16. gorrs

    gorrs Bit poster

    Messages:
    7
    hm.. I think you can try ProteMac Meter
     
