Skip to main content
All CollectionsGetting StartedData Sources Configuration
Configuring a vSwitch with promiscuous mode
Configuring a vSwitch with promiscuous mode
A
Written by Alex Patnick
Updated this week

For a Network Sensor to see all the traffic on an ESX/ESXi host, it must be correctly configured to see all the traffic. Faddom can perform this configuration for you if you are running vCenter version 6.5 or newer. To see all the changes that the Faddom automated deployment performs, see here.

In order to capture traffic from an ESX host, Faddom needs to have a VM with a Network Sensor on that host. For the first host, you can direct the traffic directly at the Faddom server. For additional hosts, there is a lightweight prebuilt sensor appliance which you can deploy. To deploy this VM, go to Settings -> Sensors and click on New. There you have a URL for an ovf file that you can deploy to VMware.

The network sensor appliance is configured with 1 NIC by default for the default management traffic. Additional NICs may be added to capture traffic from multiple vSwitches.

The management NIC will be used to communicate with the server and should have an IP address with which it can share with. All other NICs are for capturing traffic only and do not need to have IP addresses set up.

To set up the promiscuous mode interfaces:

  1. Deploy the Faddom Sensor appliance on the ESX host you wish to map traffic for.

  2. In the vSphere Client, please navigate to the host you have deployed on and go to Configure -> Networking -> Virtual switches.

  3. For each standard switch you wish to get traffic for:

    1. Click on Add Networking

    2. Select Virtual Machine Port Group for a Standard Switch

    3. Confirm the target device

    4. Give the port group a name and select All for the VLAN ID.

    5. Finish creating the port group

    6. Edit the port group and go to Security

    7. For Promiscuous mode, select Override and select Accept

  5. Make sure the Network Sensor appliance is powered off.

  6. For each switch you configured in step 3, add a network adapter and assign it to the port group you created.

  7. Start the Network Sensor appliance and log in.

  8. Switch to the root user using sudo su

  9. Execute the /etc/illuminit/configip.sh script to define a fixed IP address for the VM and configure the newly added network adapters.

  10. Open the Faddom Discover Server UI, and under Settings->Sensors, add the sensor that you just configured.

  11. Repeat for any additional ESX servers you wish to get traffic for.

The following link provides explanations about promiscuous mode for virtual switches.

Did this answer your question?