[SOLVED] Proxmox Linux Bridge Wireshark Promiscuous Mode

ozzyizzy

New Member
Aug 21, 2025
Hi all,

I am struggling within my DemoLab.
Let me share a short graph to visualize it.

1755793495633.png

I run a small server, where the free edition of Proxmox is installed.
The server has 2 NICs: enp1 and enp2
I run some VMs:

- a Kali Linux with Wireshark
- 2 Linux Lite as Demo VMs
- 1 Network IDS System (NDR). Yellow Line is for Management.

So every VM is connected (green line) to the vmbr0 which is assigned to enp1.

For testing I want to sniff all traffic using vmbr0.
So I run Wireshark on the Kali and look for ping ICMP packets.

When I ping from Linux 1 to Linux 2 - ping is doing well. BUT, I do not see any ICMP packets.
When I ping from Linux 1 or 2 to the NAS - ping is fine, BUT, I do not see any ICMP packets.
When I ping from Linux 1 or 2 to a www website - ping is fine, BUT, I do not see any ICMP packets.

When I ping from Linux 1 to the Kali (running Wireshark) - ping is fine AND I see ICMP packets.
When I use a browser on Kali, I see the traffic in Wireshark.

On vmbr0 promisc mode is up.
No firewall is set

Why can't I see the ping between the Linux VMs?
Where is my mistake?

Hope someone can help here. Many thanks
Ozzy
The bridge will still only forward packets according to the fdb - so they will not be forwarded to the Kali VM unless the traffic goes from / to the VM. Promiscuous mode on the bridge means that the host where the bridge resides can see all traffic. You will probably want to do port mirroring - for further discussion see the following Bugzilla entry [1]

[1] https://bugzilla.proxmox.com/show_bug.cgi?id=6150
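An added example, not part of the original thread, illustrating the reply above: given the bridge's forwarding database, it works out whether a capture VM's port receives a given frame. The FDB text is constructed in the style of `bridge fdb show br vmbr0` output; all MAC addresses and the Kali port name `tap100i0` are assumptions.

```shell
#!/bin/sh
# Added illustration: why a VM on a Linux bridge misses other VMs' unicast.
# SAMPLE_FDB is constructed; MACs and the Kali port tap100i0 are made up.
SAMPLE_FDB='bc:24:11:00:01:00 dev tap100i0 master vmbr0
bc:24:11:00:01:12 dev tap112i0 master vmbr0
bc:24:11:00:01:13 dev tap113i0 master vmbr0
fe:9a:3c:00:01:12 dev tap112i0 master vmbr0 permanent
00:11:32:00:00:99 dev enp1 master vmbr0
33:33:00:00:00:01 dev vmbr0 self permanent'

# egress_port FDB DST_MAC: prints the port a frame to DST_MAC leaves on,
# "flood" (broadcast, multicast, unknown unicast go to every port),
# or "host" (a bridge/port own address, delivered to the host itself).
egress_port() {
    case $(printf '%s' "$2" | cut -c2) in
        [13579bdfBDF]) echo flood; return 0 ;;   # group bit set in first octet
    esac
    printf '%s\n' "$1" | awk -v mac="$2" '
        BEGIN { mac = tolower(mac); port = "flood" }
        tolower($1) != mac || / self/ { next }
        / permanent/ { port = "host"; next }
        { for (i = 2; i < NF; i++) if ($i == "dev") port = $(i + 1) }
        END { print port }'
}

# sniffer_sees FDB SRC_PORT DST_MAC SNIFFER_PORT: prints yes or no.
sniffer_sees() {
    egress=$(egress_port "$1" "$3")
    if [ "$2" = "$4" ] || [ "$egress" = "$4" ] || [ "$egress" = flood ]; then
        echo yes
    else
        echo no
    fi
}

# Linux 1 (tap112i0) pings Linux 2, the NAS behind enp1, then the Kali VM.
echo "to Linux 2: $(sniffer_sees "$SAMPLE_FDB" tap112i0 bc:24:11:00:01:13 tap100i0)"
echo "to NAS:     $(sniffer_sees "$SAMPLE_FDB" tap112i0 00:11:32:00:00:99 tap100i0)"
echo "to Kali:    $(sniffer_sees "$SAMPLE_FDB" tap112i0 bc:24:11:00:01:00 tap100i0)"
echo "ARP bcast:  $(sniffer_sees "$SAMPLE_FDB" tap112i0 ff:ff:ff:ff:ff:ff tap100i0)"
# On a real host, pass "$(bridge fdb show br vmbr0)" instead of SAMPLE_FDB.
```

The first two cases print `no`, matching the symptom in the question: the capture VM only receives frames addressed to it, frames it sends, and flooded traffic.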
OK, I solved it. Thanks.

So the issue is that only promisc mode does not work. Thanks Shanreich for that info.
I have created an OVS bridge and mirrored all traffic from the VMs to the NDR VM, and now it works.
But it seems that the target mirror can only be one VM... sounds like Highlander... but it can be only one....


Code:
# Mirror 1: target tap110i1
ovs-vsctl \
  -- --id=@p112 get port tap112i0 _uuid \
  -- --id=@p113 get port tap113i0 _uuid \
  -- --id=@d110 get port tap110i1 _uuid \
  -- --id=@m1 create mirror name=mirror_to_110 select-all=false \
       select-src-port=@p112,@p113 \
       output-port=@d110 \
  -- set bridge ovsbr0 mirrors=@m1