Wireshark-users: [Wireshark-users] capturing traffic on a virtual interface
From: Brian K <knairb01@xxxxxxxxx>
Date: Wed, 29 Jul 2009 18:21:17 -0700 (PDT)
I have a 32-bit Vista virtual machine managed by Virtual PC running on a 64-bit Vista host. I have created a virtual NIC, which appears, I assume because it's the default, as Intel DC21140 PCI Fast Ethernet Adapter. The IP address I assigned to this NIC is 10.0.0.2. I am serving a Turbogears test website on this address from the VM, and can view the website in a browser on the VM. I can't, however, capture in Wireshark the HTTP traffic that is being sent. Is it possible to capture this traffic?
I have pasted below the results of "route print" and "arp -a". Thanks for your help.
C:\Windows\system32>route print
===========================================================================
Interface List
15 ...00 03 ff fd f2 2b ...... Intel 21140-Based PCI Fast Ethernet Adapter (Emu
lated) #2
13 ...02 00 4c 4f 4f 50 ...... Microsoft Loopback Adapter
10 ...00 03 ff fc f2 2b ...... Intel 21140-Based PCI Fast Ethernet Adapter (Emu
lated)
1 ........................... Software Loopback Interface 1
11 ...00 00 00 00 00 00 00 e0 isatap.{9ADD1689-190D-4A23-8E20-CC7508093C24}
12 ...02 00 54 55 4e 01 ...... Teredo Tunneling Pseudo-Interface
14 ...00 00 00 00 00 00 00 e0 isatap.{CAB0492A-1718-4291-9E7F-BE73E63ADA70}
17 ...00 00 00 00 00 00 00 e0 isatap.{F094F3F2-FF0F-4DE0-B65D-C19492C0B26A}
===========================================================================
IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.131.254 192.168.131.65 10
10.0.0.0 255.255.255.0 On-link 10.0.0.10 266
10.0.0.2 255.255.255.255 On-link 10.0.0.2 266
10.0.0.10 255.255.255.255 On-link 10.0.0.10 266
10.0.0.255 255.255.255.255 On-link 10.0.0.10 266
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.131.0 255.255.255.0 On-link 192.168.131.65 266
192.168.131.65 255.255.255.255 On-link 192.168.131.65 266
192.168.131.255 255.255.255.255 On-link 192.168.131.65 266
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 10.0.0.10 266
224.0.0.0 240.0.0.0 On-link 10.0.0.2 266
224.0.0.0 240.0.0.0 On-link 192.168.131.65 266
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 10.0.0.10 266
255.255.255.255 255.255.255.255 On-link 10.0.0.2 266
===========================================================================
Persistent Routes:
None
IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
1 306 ::1/128 On-link
13 266 ::ffff:10.0.0.0/120 On-link
13 266 ::ffff:10.0.0.10/128 On-link
13 266 fe80::/64 On-link
15 266 fe80::/64 On-link
10 266 fe80::/64 On-link
13 266 fe80::4c17:82c8:6bb8:dd06/128
On-link
15 266 fe80::7883:1cf9:9e09:7cd5/128
On-link
10 266 fe80::e8c0:1c:ec2c:2137/128
On-link
1 306 ff00::/8 On-link
13 266 ff00::/8 On-link
15 266 ff00::/8 On-link
10 266 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
C:\Windows\system32>arp -a
Interface: 192.168.131.65 --- 0xa
Internet Address Physical Address Type
192.168.131.254 00-03-ff-ff-ff-ff dynamic
192.168.131.255 ff-ff-ff-ff-ff-ff static
224.0.0.22 01-00-5e-00-00-16 static
224.0.0.252 01-00-5e-00-00-fc static
239.255.255.250 01-00-5e-7f-ff-fa static
255.255.255.255 ff-ff-ff-ff-ff-ff static
Interface: 10.0.0.10 --- 0xd
Internet Address Physical Address Type
10.0.0.255 ff-ff-ff-ff-ff-ff static
224.0.0.22 01-00-5e-00-00-16 static
224.0.0.252 01-00-5e-00-00-fc static
239.255.255.250 01-00-5e-7f-ff-fa static
Interface: 10.0.0.2 --- 0xf
Internet Address Physical Address Type
224.0.0.22 01-00-5e-00-00-16 static
224.0.0.252 01-00-5e-00-00-fc static
239.255.255.250 01-00-5e-7f-ff-fa static
I have pasted below the results of "route print" and "arp -a". Thanks for your help.
C:\Windows\system32>route print
===========================================================================
Interface List
15 ...00 03 ff fd f2 2b ...... Intel 21140-Based PCI Fast Ethernet Adapter (Emu
lated) #2
13 ...02 00 4c 4f 4f 50 ...... Microsoft Loopback Adapter
10 ...00 03 ff fc f2 2b ...... Intel 21140-Based PCI Fast Ethernet Adapter (Emu
lated)
1 ........................... Software Loopback Interface 1
11 ...00 00 00 00 00 00 00 e0 isatap.{9ADD1689-190D-4A23-8E20-CC7508093C24}
12 ...02 00 54 55 4e 01 ...... Teredo Tunneling Pseudo-Interface
14 ...00 00 00 00 00 00 00 e0 isatap.{CAB0492A-1718-4291-9E7F-BE73E63ADA70}
17 ...00 00 00 00 00 00 00 e0 isatap.{F094F3F2-FF0F-4DE0-B65D-C19492C0B26A}
===========================================================================
IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.131.254 192.168.131.65 10
10.0.0.0 255.255.255.0 On-link 10.0.0.10 266
10.0.0.2 255.255.255.255 On-link 10.0.0.2 266
10.0.0.10 255.255.255.255 On-link 10.0.0.10 266
10.0.0.255 255.255.255.255 On-link 10.0.0.10 266
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.131.0 255.255.255.0 On-link 192.168.131.65 266
192.168.131.65 255.255.255.255 On-link 192.168.131.65 266
192.168.131.255 255.255.255.255 On-link 192.168.131.65 266
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 10.0.0.10 266
224.0.0.0 240.0.0.0 On-link 10.0.0.2 266
224.0.0.0 240.0.0.0 On-link 192.168.131.65 266
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 10.0.0.10 266
255.255.255.255 255.255.255.255 On-link 10.0.0.2 266
===========================================================================
Persistent Routes:
None
IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
1 306 ::1/128 On-link
13 266 ::ffff:10.0.0.0/120 On-link
13 266 ::ffff:10.0.0.10/128 On-link
13 266 fe80::/64 On-link
15 266 fe80::/64 On-link
10 266 fe80::/64 On-link
13 266 fe80::4c17:82c8:6bb8:dd06/128
On-link
15 266 fe80::7883:1cf9:9e09:7cd5/128
On-link
10 266 fe80::e8c0:1c:ec2c:2137/128
On-link
1 306 ff00::/8 On-link
13 266 ff00::/8 On-link
15 266 ff00::/8 On-link
10 266 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
C:\Windows\system32>arp -a
Interface: 192.168.131.65 --- 0xa
Internet Address Physical Address Type
192.168.131.254 00-03-ff-ff-ff-ff dynamic
192.168.131.255 ff-ff-ff-ff-ff-ff static
224.0.0.22 01-00-5e-00-00-16 static
224.0.0.252 01-00-5e-00-00-fc static
239.255.255.250 01-00-5e-7f-ff-fa static
255.255.255.255 ff-ff-ff-ff-ff-ff static
Interface: 10.0.0.10 --- 0xd
Internet Address Physical Address Type
10.0.0.255 ff-ff-ff-ff-ff-ff static
224.0.0.22 01-00-5e-00-00-16 static
224.0.0.252 01-00-5e-00-00-fc static
239.255.255.250 01-00-5e-7f-ff-fa static
Interface: 10.0.0.2 --- 0xf
Internet Address Physical Address Type
224.0.0.22 01-00-5e-00-00-16 static
224.0.0.252 01-00-5e-00-00-fc static
239.255.255.250 01-00-5e-7f-ff-fa static
- Follow-Ups:
- Re: [Wireshark-users] capturing traffic on a virtual interface
- From: Sake Blok
- Re: [Wireshark-users] capturing traffic on a virtual interface
- Prev by Date: Re: [Wireshark-users] What does it mean the "Mark" string under theinfo in RTP packets?
- Next by Date: [Wireshark-users] Length reported in UDP header
- Previous by thread: Re: [Wireshark-users] What does it mean the "Mark" string under theinfo in RTP packets?
- Next by thread: Re: [Wireshark-users] capturing traffic on a virtual interface
- Index(es):