Set Up Port Mirroring in Hyper-V to Monitor Traffic

Port Mirroring is a method used to monitor network traffic. When port mirroring is enabled on a switch port, the switch sends a copy of all packets hitting that specific port to another port, where the packets can then be picked up and analyzed.

For network engineers this method is a tool for monitoring traffic from servers. They can use it on physical switches with physical servers and workstations.

But how can you monitor and analyze network traffic from a virtual machine?

You can't install monitoring tools like Wireshark on production servers and virtual machines to analyze the traffic. You will have performance problems, and you never know what else.

Here I explain how to use Port Mirroring in Hyper-V to monitor traffic from a specific virtual machine.

> Video : Implementing Windows Server 2016 Hyper-V by Greg Shields (MVP)

I will use 2 virtual machines as an example so you can understand how port mirroring works in Hyper-V:

  1. Windows10 = Virtual machine that has monitoring software installed, such as Wireshark or Microsoft Message Analyzer.
    IP address: 192.168.1.131
  2. WindowsServer2012 = Virtual machine whose traffic needs to be monitored.
    IP address: 192.168.1.100

 

Step 1 - Install the monitoring software Wireshark and check how it performs

  • Download Wireshark from https://www.wireshark.org/download.html
  • Proceed with the installation, which is very easy.
  • After installing Wireshark, open it and double-click the interface used for LAN connectivity to start capturing traffic.

  • At the bottom, where it says Apply a filter, type icmp and click the arrow on the right side.
  • I ping the Hyper-V host at 192.168.1.12. You can see the traffic.

  • Log in to WindowsServer2012 and start pinging the Hyper-V host.
  • In my lab the Hyper-V host has the IP address 192.168.1.12.
  • Go back to Windows10 and check whether you can see any traffic. Nope, you can't.

Step 2 - Enable Port Mirroring in Hyper-V

  • Open Hyper-V Manager and select the virtual machine on which you installed the traffic monitoring software. In this scenario it is Windows 10 Enterprise.
  • Go to the right side and click Settings.

  • Find and expand the Network Adapter.
  • Click Advanced Features.
  • Scroll down and under Mirroring Mode select Destination. Click OK.

  • Now find the virtual machine whose traffic you want to monitor. In this scenario it is Windows Server 2012-DC.
  • Go to the right side and click Settings.

  • Find and expand the Network Adapter.
  • Click Advanced Features.
  • Scroll down and under Mirroring Mode select Source. Click OK.
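
The same Step 2 settings can be applied from PowerShell on the Hyper-V host. This is an added example, not part of the original article: the VM names are assumed to match the ones shown in this lab's Hyper-V Manager, and the three helper function names are hypothetical.

```powershell
#Requires -Modules Hyper-V
# Run in an elevated PowerShell session on the Hyper-V host.
# VM names are assumptions taken from this lab; change them to match yours.
$MonitorVM = 'Windows 10 Enterprise'     # VM running Wireshark (mirroring destination)
$SourceVM  = 'Windows Server 2012-DC'    # VM whose traffic is copied (mirroring source)

function Set-LabPortMirroring {          # hypothetical helper name
    param([string]$Source, [string]$Destination)

    $src = Get-VMNetworkAdapter -VMName $Source
    $dst = Get-VMNetworkAdapter -VMName $Destination

    # Hyper-V only mirrors between ports on the same virtual switch,
    # so fail early if the two VMs do not share one.
    $shared = $src.SwitchName | Where-Object { $dst.SwitchName -contains $_ }
    if (-not $shared) {
        throw "'$Source' and '$Destination' are not connected to the same virtual switch."
    }

    # Same as choosing Source / Destination under Advanced Features in the GUI.
    $src | Where-Object SwitchName -in $shared | Set-VMNetworkAdapter -PortMirroring Source
    $dst | Where-Object SwitchName -in $shared | Set-VMNetworkAdapter -PortMirroring Destination
}

function Get-MirroredAdapter {           # hypothetical helper name
    # Lists every adapter on this host that currently has mirroring enabled.
    Get-VM | Get-VMNetworkAdapter |
        Where-Object PortMirroringMode -ne 'None' |
        Select-Object VMName, Name, SwitchName, PortMirroringMode
}

function Clear-LabPortMirroring {        # hypothetical helper name
    param([string[]]$VMName)
    # Switch mirroring off again once the capture is finished.
    foreach ($vm in $VMName) {
        Get-VMNetworkAdapter -VMName $vm | Set-VMNetworkAdapter -PortMirroring None
    }
}

Set-LabPortMirroring -Source $SourceVM -Destination $MonitorVM
Get-MirroredAdapter | Format-Table -AutoSize

# After the Wireshark capture in Step 3 is done:
# Clear-LabPortMirroring -VMName $SourceVM, $MonitorVM
```

While mirroring is enabled, the destination VM receives a copy of the source VM's traffic, so run `Get-MirroredAdapter` periodically to confirm no mirroring session has been left on after troubleshooting.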

Step 3 - Verify that Port Mirroring works

  • Log in to the virtual machine on which you installed the traffic monitoring software. In this scenario it is Windows10.
  • Open Wireshark and filter with icmp.
  • Go back to Windows2012 and ping the Hyper-V host, which is 192.168.1.12.

  • Let's go back to Windows10 and check Wireshark.
  • You can see the traffic from Windows2012 in Wireshark.

This is how Port Mirroring works in Hyper-V.

It's very easy to configure in Hyper-V if you want to monitor and troubleshoot network issues with one of your virtual machines.

I hope you find the article interesting.

How do you troubleshoot network issues on your virtual machines? Leave your comments in our comment system and help other IT Pros.

Have a nice weekend!

 

 

 
