Huge thanks to our Platinum Members Endace and LiveAction,
and our Silver Member Veeam, for supporting the Wireshark Foundation and project.

Wireshark-dev: Re: [Wireshark-dev] Wireshark on a Windows XP VMware?

From: Sake Blok <sake@xxxxxxxxxx>
Date: Fri, 14 Dec 2007 16:59:59 +0100
On Fri, Dec 14, 2007 at 07:23:22AM -0800, Raymond Jender wrote:
> 
> Are there any known issues when running Wireshark on 
> a Windows XP VMware Guest?

Not to me...

> I am running Ubuntu 6.10 host. I have Wireshark
> 0.99.6a installed on a Windows XP VMware Guest.
> 
> I also have Wireshark on the host Ubuntu. If I ping a
> device on the network from the VMware Wireshark, I can
> see the ICMP on both Wiresharks.

As the packets are created in the GuestOS and then transferred
through the GuestOS (virtual) NIC to the HostOS and then through 
the HostOS NIC to the network, the Wiresharks on both the
HostOS and the GuestOS will be seeing the packets.

> If I ping the same
> device from the Ubuntu Wireshark, I can only see the
> packets on the Ubuntu Wireshark. I never see TCP
> traffic on the VMware Wireshark but I do on the Ubuntu
> Wireshark. This is not an IP assignment issue on the
> Ubuntu and VMware interfaces.

Then you must be using a NAT or HOST-only network adapter to your
WinXP Guest. Since these adapters simulate switches. The normal
capture limitations that switches have, also apply to these
virtual NIC's

You will see HostOS traffic on the GuestOS only if you use a bridged 
virtual NIC in the GuestOS.

Hope this helps,
Cheers,
    Sake