Tuesday 31 May 2011

VMware on Linux: Promiscuous Mode

When VMware Workstation is hosted under Linux, by default it doesn't allow VM Guests to access the network in Promiscuous mode.  There's an easy fix for this...

If you run something like Wireshark from a VM Guest, you'll see VMware display an error message.

The problem lies with the permissions on the Host.  When VMware is started without root privileges, it doesn't have the permissions necessary to access the /dev/vmnet0 device.

A quick temporary bodge is to use chgrp and chmod on the Host, to tweak the permissions on /dev/vmnet* until the next reboot (where YourGroup is a group that your user account is in - typically adm on my Ubuntu machines):
   chgrp YourGroup /dev/vmnet*
   chmod g+rw /dev/vmnet*

A more permanent fix is to edit /etc/init.d/vmware on the Host, and tweak the ownership and permissions when the device is created, by adding the lines in red:
  # Start the virtual ethernet kernel service
   vmwareStartVmnet() {
      vmwareLoadModule $vnet
      "$BINDIR"/vmware-networks --start >> $VNETLIB_LOG 2>&1
      chgrp adm  /dev/vmnet*
      chmod g+rw /dev/vmnet*

After you restart the Host's VMware daemon ...

   /etc/init.d/vmware stop
   /etc/init.d/vmware start

you'll be able to boot your Guest VM, and use Wireshark or whatever in the Guest.  Just Remember!   Your VM Guest's Network Adapter must be set to BRIDGED (connected directly to the physical network), not NAT (used to share the host's IP address).

Aside: I did think it ought be possible to achieve the same effect a little more cleanly, by creating a file in /etc/udev/rules.d to set the desired ownership and permission modes for /dev/vmnet*.  But nothing I've tried has worked.  Anyone?
Posted by Martin at 18:22
Labels:

7 comments:

  1. ZekkeRJ14 September 2011 at 21:51

    Hi Martin,

    I've tried to write an UDEV rule to control the ownership and mode of the created devices, and even saw that UDEV recognized my rule, but the files still got owned by root:root and mode 0600.

    Seems that "vmware-networks" force these permissions on the device files.

    ReplyDelete
  2. Ajay Sharma13 January 2012 at 12:50

    Hi Martin,

    I bought a pair of power line adapters and wanted to configure them. The software utility to configure the adapters only works on Windows and I only had a Windows 7 instance in a VM running on Ubuntu. The software installed winpcap which required setting the card in promiscuous mode. After struggling for several hours, I came across your blog. I followed your instructions exactly and after a couple of tries it worked perfectly. Thank you very much the help.

    Cheers
    Ajay

    ReplyDelete
  3. Anonymous25 April 2012 at 05:54

    Thanks! I spent two days trying to debug this.

    ReplyDelete
  4. Anonymous29 May 2012 at 16:54

    Thanks, It have worked for me even if the guest's network, was on Host mode .

    ReplyDelete
  5. Unknown17 December 2012 at 08:12

    Thanks for your post, you have save me a lot of time :)

    ReplyDelete
  6. Hesham Mekky3 February 2013 at 20:16

    Why it should be set to bridget and not nat? Why it won't work for nat "vmnet8" device?

    Thanks for the great post.

    ReplyDelete
  7. Martin4 February 2013 at 08:09

    Hi Hesham. I wasn't sure that promiscuous mode would actually work in NAT mode, but maybe it would be OK. Generally I try to avoid NAT where it's not strictly necessary, as it can make some protocols less reliable. Also my day job is security testing, where NAT is not appropriate because it could reduce accuracy of scan results.

    Cheers

    - Martin

    ReplyDelete

Spammers: please stop wasting my time. All comments are moderated before publication.

Subscribe to: Post Comments (Atom)