13

I have been trying to use Wireshark to capture some traffic that comes from a virtual machine.

The setup is:

  • Windows 7 host
  • Ubuntu guest
  • VirtualBox 4

I send some packets from the guest to the host or another IP in the host LAN. The packets get there, but Wireshark cannot see them.

I have run Wireshark on both the guest and the host. Curiously, if I send the packet to another computer, the packets are captured without problem in the second machine. I don't understand how I cannot capture the packets in the machine that is sending them.

How should I set up VirtualBox, Windows 7 or Wireshark in order to capture the packets sent by the guest machine?

Linker3000
  • 28,240

5 Answers

8

When a guest OS is set up, a network interface is assigned to it.
Is Wireshark listening on that interface?
In Linux, there is an option to use the "any" interface, which listens on all possible network interfaces, but I don't know if such an option exists on Windows.

Here it is explained that Wireshark on Windows has difficulties listening on the loopback interface, the interface used when a machine sends messages to itself.

bbaja42
  • 3,051
5

Configure the Attached to: combo box to Bridged Adapter and set the Promiscuous Mode: combo box to Allow All.

Having done this I'm now seeing all traffic going to/from the guest OS.

2

I have an idea to solve your issue; it's too late, but I hope it helps somebody else :)

Create a Host-Only Adapter and bridge it with your LAN adapter. Run Wireshark on the LAN adapter; it will do the work.

1

In my experience Wireshark only sees the host's really external network interfaces. For example, if you use a web browser to look at a web page served by a web-server on the same PC (http://localhost), you can't use Wireshark to look at this traffic.

Similarly, the delivery of data by the VM to the host is local and not directed through a physical NIC. Presumably this provides no structure in the host operating system that looks like a "network interface" to Wireshark.

0

As of March 18, 2022, Wireshark can capture traffic on the Loopback interface. There is a dashboard when the application opens with a list of network interfaces. Double-click on "Adapter for Loopback Traffic Capture". Wireshark needs to use the Npcap packet capture library for loopback traffic to be detected.