WS2012 Hyper-V (and later) gives you the ability to enable port mirroring in VM network connections. The source VM mirrors packets to a VM with destination mode enabled. This is handy for diagnostics of machines that you cannot change or log into; you run a network sniffer on the destination machine without impacting a production VM – no reboots, installs, changes to the guest OS, etc.
Microsoft has released a related KB article for when a packet sniffing tool does not sniff all network traffic through port mirroring on a virtual machine that is hosted by a Windows Server 2012 Hyper-V host.
Consider the following scenario:
- You create a virtual machine (VM) on a Windows Server 2012-based server that has the Hyper-V server role installed.
- You connect the VM to a virtual switch that is connected to a physical network.
- You have two computers (computer A and computer B) that both connect to the physical network.
- The two computers and the VM are in the same subnet.
- You set Mirroring Mode to Destination under the Port Mirroring section of Advanced Features in the VM’s network settings.
- You run a packet sniffing tool on the VM.
- You ping computer B from computer A.
In this scenario, the packet sniffing tool does not capture the packets between computer B and computer A.
This issue occurs because the virtual switch does not deliver the packets to the mirroring destination port.
A supported hotfix is available from Microsoft.