Pass External Data through Microsoft Hyper-V

You can pass data from an external source, such as a router, through Hyper-V to the Tenable Nessus Network Monitor server. This allows you to mirror traffic from an internal virtual machine to an internal instance of Tenable Nessus Network Monitor.

Note: This can only be done on Windows 2012 with a hot patch (http://support.microsoft.com/kb/2885541/en-us) or on Windows 2016. These steps do not apply to Windows 2008.

To pass external data through Hyper-V to an internal instance of Tenable Nessus Network Monitor:

  1. Power down your virtual machine.
  2. Under Actions on the monitored virtual machine, navigate to the Settings option.

  3. Click SPAN/Mirror NW Adapter - Advanced Features.
  4. In the Port Mirroring section, from the Mirroring Mode drop-down, select Destination.

  5. Click Apply.
  6. Click OK.
  7. Start your virtual machine.
  8. To enable mirror source on the external interface, run the following command:

    Note: Placeholder values in angle brackets (shown in red in the original) must be changed to match your specific virtual machine configuration.

    $a = Get-VMSystemSwitchExtensionPortFeature -FeatureId 776e0ba7-94a1-41c8-8f28-951f524251b5

    $a.SettingData.MonitorMode = 2

    Add-VMSwitchExtensionPortFeature -ExternalPort -SwitchName "<MS VSwitch Name>" -VMSwitchExtensionFeature $a

  9. To set all VLANs and native VLAN on the span port, run the following command:

    Note: Placeholder values in angle brackets (shown in red in the original) must be changed to match your specific virtual machine configuration.

    Get-VMNetworkAdapter -VMName "<VMName>" | Where-Object -Property MacAddress -eq "<VM_MAC_Address>" | Set-VMNetworkAdapterVlan -Trunk -AllowedVlanIdList "1-4094" -NativeVlanId <Native_VLAN_ID>
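
To confirm that the mirror is in place before relying on the sensor's coverage, the settings from steps 2 through 9 can be read back on the Hyper-V host. The script below is an added example, not part of the original procedure or of Tenable's tooling. It assumes the Hyper-V PowerShell module and an elevated session. The variable names and check labels are illustrative, and the placeholders are the same ones used in the steps above.

```powershell
# Added verification example; replace the placeholders before running.
$SwitchName = '<MS VSwitch Name>'
$VMName     = '<VMName>'
$VMMac      = '<VM_MAC_Address>'
$FeatureId  = '776e0ba7-94a1-41c8-8f28-951f524251b5'   # feature ID from step 8

$results = [ordered]@{}

# Steps 2-6: the monitoring VM's adapter must be a mirror destination.
$nic = Get-VMNetworkAdapter -VMName $VMName |
    Where-Object -Property MacAddress -eq $VMMac
if (-not $nic) {
    throw "No adapter with MAC $VMMac found on VM $VMName"
}
$results['Adapter mirroring mode is Destination'] = ($nic.PortMirroringMode -eq 'Destination')

# Step 8: the switch's external port must carry the feature with MonitorMode = 2.
$feature = Get-VMSwitchExtensionPortFeature -ExternalPort -SwitchName $SwitchName -FeatureId $FeatureId
$isSource = [bool]($feature | Where-Object { $_.SettingData.MonitorMode -eq 2 })
$results['External port MonitorMode is 2'] = $isSource

# Step 9: the span port must be a trunk that allows VLANs 1-4094.
$vlan = $nic | Get-VMNetworkAdapterVlan
$results['Adapter VLAN mode is Trunk'] = ($vlan.OperationMode -eq 'Trunk')
$results['All 4094 VLAN IDs allowed']  = (@($vlan.AllowedVlanIdList).Count -eq 4094)

# Report each check, then the native VLAN that was actually applied.
$results.GetEnumerator() | ForEach-Object {
    [pscustomobject]@{ Check = $_.Key; Passed = $_.Value }
} | Format-Table -AutoSize

"Native VLAN on the span port: $($vlan.NativeVlanId)"

# A failed check means the sensor is not seeing the mirrored traffic it is expected to see.
if ($results.Values -contains $false) {
    Write-Warning 'Port mirroring is not fully configured; re-check the failed steps.'
}
```

Because a mirror destination receives a copy of all traffic on the external port, the same read-back is useful during audits to confirm that only the intended monitoring VM is configured as a destination.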