Thursday, 13 December 2012

VMware on Linux: Running in Promiscuous Mode



When VMware Workstation is hosted under Linux, by default it doesn't allow VM Guests to access the network in promiscuous mode. There's an easy fix for this.

If you run something like Wireshark from a VM Guest, you'll see VMware display an error message.

The problem lies with the permissions on the Host.  When VMware is started without root privileges, it doesn't have the permissions necessary to access the /dev/vmnet0 device.

A quick temporary bodge is to use chgrp and chmod on the Host, to tweak the permissions on /dev/vmnet* until the next reboot (where yourgroup is a group that your user account is in - typically admin on my Ubuntu machines):
   chgrp yourgroup /dev/vmnet*
   chmod g+rw /dev/vmnet*

A more permanent fix is to edit /etc/init.d/vmware on the Host, and tweak the ownership and permissions when the device is created, by adding the two lines marked "added" below:
   # Start the virtual ethernet kernel service
   vmwareStartVmnet() {
      vmwareLoadModule $vnet
      "$BINDIR"/vmware-networks --start >> $VNETLIB_LOG 2>&1
      chgrp yourgroup /dev/vmnet*   # added: hand the vmnet devices to your group
      chmod g+rw /dev/vmnet*        # added: give that group read/write access
      # (rest of the function unchanged)

After you restart the Host's VMware daemon ...

   /etc/init.d/vmware stop
   /etc/init.d/vmware start

you'll be able to boot your Guest VM, and use Wireshark or whatever in the Guest. Just remember: your VM Guest's Network Adapter must be set to BRIDGED (connected directly to the physical network), not NAT (used to share the host's IP address).
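
To confirm the change took effect and went no further than intended, here is a small audit script, added as an example and not part of the original post. It assumes GNU stat; the function names and the optional directory argument are hypothetical, and yourgroup is the post's placeholder.

```sh
#!/bin/sh
# Added example (not from the original post): audit vmnet device permissions.
# Assumes GNU stat (Linux). "yourgroup" is the post's placeholder group name.

# check_vmnet_node NODE GROUP
# Returns 0 = GROUP has rw and "other" has none, 1 = GROUP lacks rw,
#         2 = node is readable or writable by every local user, 3 = missing.
check_vmnet_node() {
    node=$1
    want_group=$2
    if [ ! -e "$node" ]; then
        echo "MISSING  $node (is the VMware networking service running?)"
        return 3
    fi
    group=$(stat -c %G "$node")      # owning group name
    mode=$(stat -c %a "$node")       # octal permission bits, e.g. 660
    perm=$((0$mode))                 # leading 0 makes the shell parse it as octal
    if [ $(( perm & 6 )) -ne 0 ]; then
        echo "EXPOSED  $node mode $mode: any local user can open it"
        return 2
    fi
    if [ "$group" != "$want_group" ] || [ $(( (perm >> 3) & 6 )) -ne 6 ]; then
        echo "NOACCESS $node group $group mode $mode: $want_group lacks rw"
        return 1
    fi
    echo "OK       $node group $group mode $mode"
    return 0
}

# audit_vmnet GROUP [DIR]  - check every DIR/vmnet* node (DIR defaults to /dev)
# and return the worst status seen.
audit_vmnet() {
    audit_group=$1
    audit_dir=${2:-/dev}
    worst=0
    for n in "$audit_dir"/vmnet*; do
        node_rc=0
        check_vmnet_node "$n" "$audit_group" || node_rc=$?
        if [ "$node_rc" -gt "$worst" ]; then worst=$node_rc; fi
    done
    return "$worst"
}

# Run as: sh audit_vmnet.sh yourgroup
if [ "$#" -ge 1 ]; then audit_vmnet "$@"; fi
```

An EXPOSED result means the mode is wider than the g+rw used above, so every local account, not just members of the chosen group, can open the device.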

Aside: I did think it ought to be possible to achieve the same effect a little more cleanly, by creating a file in /etc/udev/rules.d to set the desired ownership and permission modes for /dev/vmnet*. But nothing I've tried has worked. Anyone?
