How to use virtual Ethernet adapters in promiscuous mode on VMware

When an Ethernet adapter is turned into promiscuous mode, all packets on the connected network are received by the interface. In Linux, you can easily enable promiscuous mode by using ifconfig command. In VMs created by VMware Workstation or Player, however, you may encounter a situation where promiscuous mode does not work on virtual Ethernet interfaces.

In this post, I will describe how to enable promiscuous mode on virtual Ethernet adapters created by VMware.

The reason for promiscuous mode not working is that VMware Workstation or Player does not allow the virtual Ethernet adapter of a guest VM to go into promiscuous mode unless VMware software has read-write access permission on /dev/vmnet* on host machine.

By default, the permission settings on /dev/vmnet* are as following, where only the root has read-write access to /dev/vmnet*

$ ls -al /dev/vmnet*
crw------- 1 root root 119, 0 May 22 09:06 /dev/vmnet0
crw------- 1 root root 119, 1 May 22 09:06 /dev/vmnet1
crw------- 1 root root 119, 8 May 22 09:06 /dev/vmnet8

Therefore, if you are running VMware software as a non-root regular user under this setting, virtual Ethernet adapters of guest VMs cannot enter promiscuous mode. You need to give yourself (i.e., your Linux user ID) permission to access /dev/vmnet* in order to be able to use promiscuous mode in guest VMs.

Method One

To give a specific Linux user access permission to use promiscuous mode, do the following on host machine.

First, create a new Linux group which has permission to use promiscuous mode, and add yourself to the group.

$ sudo groupadd promiscuous
$ sudo usermod -a -G promiscuous <your_user_id>

Update the group ownership and access permission of /dev/vmnet*

$ sudo chgrp promiscuous /dev/vmnet*
$ sudo chmod g+rw /dev/vmnet*

Method Two

To allow all users (instead of a specific user) to set the virtual adapter to promiscuous mode, run the following command on host machine.

$ sudo chmod a+rw /dev/vmnet*

After changing access permission, you need to restart VMware Workstation or Player to make the change effective.

Make Permission Change on /dev/vmnet* Permanent

Note that the permission change made on /dev/vmnet* by two methods described above will be lost when you reboot a host machine. /dev/vmnet* will revert to root-only permissions after rebooting. If you would like to make permission change on /dev/vmnet* permanent, you need to do the necessary permission change within the VMware startup script located at /etc/init.d/vmware. More specifically, you need to append the permission change logic in vmwareStartVmnet() function as follows.

For Method One (assuming that you already created a Linux group called "promiscuous" as described earlier):

vmwareStartVmnet() {
  vmwareLoadModule $vnet
  "$BINDIR"/vmware-networks --start >> $VNETLIB_LOG 2>&1
  chgrp promiscuous /dev/vmnet*
  chmod g+rw /dev/vmnet*
}

For Method Two:

vmwareStartVmnet() {
  vmwareLoadModule $vnet
  "$BINDIR"/vmware-networks --start >> $VNETLIB_LOG 2>&1
  chmod a+rw /dev/vmnet*
}

Subscribe to Xmodulo

Do you want to receive Linux FAQs, detailed tutorials and tips published at Xmodulo? Enter your email address below, and we will deliver our Linux posts straight to your email box, for free. Delivery powered by Google Feedburner.


Support Xmodulo

Did you find this tutorial helpful? Then please be generous and support Xmodulo!

The following two tabs change content below.
Dan Nanni is the founder and also a regular contributor of Xmodulo.com. He is a Linux/FOSS enthusiast who loves to get his hands dirty with his Linux box. He likes to procrastinate when he is supposed to be busy and productive. When he is otherwise free, he likes to watch movies and shop for the coolest gadgets.

Leave a comment

Your email address will not be published. Required fields are marked *