3

How can I use Wireshark to capture packets from VMs using bridged interfaces? My setup is:

Windows PC with VMware Workstation
- Three physical network interfaces, each assigned a static IP
- Three Linux VMs, each bridged to one of the physical network interfaces but also assigned a separate static IP address (to avoid an IP conflict - is this correct?)

Mac OS X with VMware Fusion
- 1 physical network interface
- 1 Kali Linux VM (running Wireshark in promiscuous mode) bridged to the physical network interface

I am trying to run Kali on the Mac and capture all packets between the VMs. If I ping Kali (on Mac) from a Linux VM (on PC), Wireshark sees the packets. If, however, I ping between the Linux VMs (on PC), Wireshark on Kali does not see the ICMP requests.

I read that Wireshark cannot see packets on bridged interfaces and the advice was to use NAT; however, I'm not sure this would work in the setup, as although I could get the three VMs to have an IP address in the correct subnet, they would all be resolved to the physical card's IP address, which would be on a different IP range.

Any ideas of how best to configure my lab to allow VMs on the Mac and PC to use the same subnet range, and for Wireshark to capture all traffic on the whole network?

2
  • If you select the physical interface in Wireshark, it can capture packets coming from both the VM and the host.
    – Biswapriyo
    Commented Dec 19, 2017 at 16:35
  • Thanks for the reply @Biswa. I am pretty sure I'm selecting the physical interface in Wireshark, and I can capture packets being sent to the bridged interface on the Mac. The packets I cannot capture are those on the network which are not sent directly to the VM running Wireshark. The option for promiscuous mode is selected, so I assumed I would be able to see all packets on the network?
    – Bat
    Commented Dec 19, 2017 at 20:43

1 Answer

0

Managed to figure out a workaround, which was to create a mirror port on the switch and mirror all traffic from the ports connected to the three VMs. Then sniffed the port using Wireshark. Maybe not the best solution, but it gave me the result I needed. Hope this is helpful to someone else.
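A way to check from a saved capture whether the sniffer is actually receiving unicast traffic between other hosts, which is what the mirror port in the answer provides. This is an added example, not part of the original posts; the MAC addresses and capture bytes are constructed, and the function names are hypothetical.

```python
import struct

# Classic pcap magic bytes -> struct byte order (microsecond and nanosecond variants)
PCAP_MAGICS = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">",
               b"\x4d\x3c\xb2\xa1": "<", b"\xa1\xb2\x3c\x4d": ">"}

def fmt_mac(raw):
    return ":".join(f"{b:02x}" for b in raw)

def third_party_frames(pcap, my_mac):
    """Return (src, dst) for unicast Ethernet frames that do not involve my_mac."""
    order = PCAP_MAGICS.get(pcap[:4])
    if order is None:
        raise ValueError("not a classic pcap file")
    if struct.unpack(order + "I", pcap[20:24])[0] != 1:
        raise ValueError("link type is not Ethernet")
    found, off = [], 24
    while off + 16 <= len(pcap):
        incl_len = struct.unpack(order + "I", pcap[off + 8:off + 12])[0]
        frame = pcap[off + 16:off + 16 + incl_len]
        off += 16 + incl_len
        if len(frame) < 14 or frame[0] & 1:
            continue  # truncated, or broadcast/multicast (flooded to every port anyway)
        src, dst = fmt_mac(frame[6:12]), fmt_mac(frame[0:6])
        if my_mac.lower() not in (src, dst):
            found.append((src, dst))
    return found

# --- Constructed sample data (not from a real capture) ---
SNIFFER, VM1, VM2 = "02:00:00:00:00:0a", "02:00:00:00:00:01", "02:00:00:00:00:02"
BROADCAST = "ff:ff:ff:ff:ff:ff"

def build_pcap(frames):
    """Build an in-memory pcap from (src, dst) pairs with a dummy IPv4 payload."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for src, dst in frames:
        eth = bytes.fromhex((dst + src).replace(":", "")) + b"\x08\x00" + bytes(46)
        out += struct.pack("<IIII", 0, 0, len(eth), len(eth)) + eth
    return out

# Without a mirror port: only frames addressed to the sniffer, plus broadcasts
NO_MIRROR = build_pcap([(VM1, SNIFFER), (SNIFFER, VM1), (VM1, BROADCAST)])
# With the VM ports mirrored: the VM1 <-> VM2 ping shows up as well
MIRRORED = build_pcap([(VM1, SNIFFER), (VM1, VM2), (VM2, VM1)])

if __name__ == "__main__":
    for name, cap in (("no mirror", NO_MIRROR), ("mirrored", MIRRORED)):
        print(name, third_party_frames(cap, SNIFFER))
```

An empty result on a real capture taken while two other hosts are pinging each other means those frames never reached the capture interface, regardless of the promiscuous-mode setting.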
