Hi Folks
Wondering if someone has seen this behavior before.
I have a Vswitch setup within 5.1, with promiscuous mode enabled for the vswitch/port group, and a physical nic mapped to the vswitch.
The purpose of the exercise is to have an IDS VM with a its nic linked to the vswitch to be able to monitor a real-physical switch SPAN port, and this SPANed traffic involves hosts NOT belonging to the vswitch.
The problem I am facing when running tcpdump within the IDS VM is that I am only seeing traffic (in promiscuous mode) related to VMs that I have added to this vswitch. Any traffic involving MAC addresses belonging to hosts not belonging to the vswitch does not show up..
I suspect the ESX kernel is dropping such traffic...
Any one seen this before when setting up IDses/monitoring within an ESX environment?
Thanks
K
