The Windows Club

TheWindowsClub covers authentic Windows 11, Windows 10 tips, tutorials, how-to's, features, freeware. Created by Anand Khanse, MVP.

How to configure Hyper-V Port Mirroring

Download Windows Speedup Tool to fix errors and make PC run faster

Port mirroring is a feature that duplicates network traffic from a source host’s port to a secondary host for analysis. It can be used for monitoring, troubleshooting, and analyzing network communication and conjunction. In this post, we are going to learn how to configure Hyper-V Port Mirroring, which is a Windows native hypervisor.

Configure Hyper-V Port Mirroring on Windows computers

Port Mirroring allows you to duplicate the network traffic from the host, which will be the source to a secondary host, which will be the target. The source host is monitored, with its port referred to as the Mirrored port, while the destination port is called the Observed port. This technique is also known as Switched Port Analyzer (SPAN).

In Hyper-V, we can use Port Mirroring to analyze traffic in the network of machines via virtual switches, which are essentially used by Hyper-V VMs to communicate with the external network or internally with other machines. To do this, you need to define a destination VM and install traffic-capturing software like Wireshark or use other intrusion detection systems (IDS).

Port mirroring in Hyper-V functions similarly to hardware port mirroring but operates at the virtual switch level, using switch extensions and port Access Control Lists (ACLs) to set rules for traffic forwarding and sniffing. However, in the case of Hyper-V, Port forwarding only works within a single host. If the machines are on different hosts, let’s say, in the case of a Failover Cluster or after migration, the feature will fail to work.

To configure Hyper-V Port Mirroring, you need to follow the steps mentioned below.

  1. Create a virtual switch
  2. Configure the source virtual machine
  3. Configure the target virtual machine

Let us talk about them in detail.

1] Create a virtual switch

First, we need to configure the virtual switch that will communicate with your virtual machines. To do so, follow the steps mentioned below.

  1. Open Hyper-V Manager, right-click on the host machine and select Virtual Switch Manager.
  2. Now, click on Create Virtual Switch.
  3. Give your switch a name, we will go with ‘Switch_1’, select External, and click on Apply > Ok.

This way, we will create a virtual switch that will be used in this tutorial, if you already have a switch configured, you don’t have to create a new one.

We need to make some additional configurations to the switch. To do so, follow the steps mentioned below.

  1. Open Control Panel.
  2. Go to Network and Internet > Network and Sharing Center.
  3. Click on Change adapter settings.
  4. Right-click on the virtual switch and select Properties.
  5. Go to the Sharing tab and untick Allow other network users to connect through the computer’s internet connection.
  6. Select a network device from the drop-down menu and click on Ok.

This configuration was needed in order to configure Port mirroring.

2] Configure the source virtual machine

configure Hyper-V Port Mirroring

Now that we have created the virtual switch, let’s configure the source machine so that we can monitor its traffic. To do so, follow the steps mentioned below.

  1. In Hyper-V Manager, right-click on the source machine, and select Settings.
  2. Now, you need to click on Network Adapter, click on the Plus icon, and then on Advanced features.
  3. Then, go to the Port Mirroring section, and select Source in the Mirroring Mode drop-down menu.
  4. Click on Ok.

If you want, you can configure multiple source virtual machines, the only thing to keep in mind is that you will have to use a single virtual switch and maintain uniformity. Once done, we will proceed with the configuration of the destination machine.

3] Configure the destination virtual machine

After configuring the source VM, we will configure the destination. To analyze network traffic more accurately, create an extra network adapter on the destination VM and disable all network services for this adapter. This way, you can capture a complete dump of the network traffic after turning off any unnecessary services and protocols. Follow the steps mentioned below to do the same.

  1. Power off the virtual machine if it’s running.
  2. Now, right-click on the machine and select Settings.
  3. Go to Add hardware, select Network adapter, and then click on the Add button.
  4. Now, you will have to select the virtual switch that we created earlier and configure it for the source machine. Since we created, Switch_1, we just selected it in the drop-down menu and clicked on Apply > Ok.
  5. Now, re-open the VM’s settings using the same method you used earlier.
  6. Go to the Network Adapter tab, click on the Plus (+) icon, and then click on Advanced features.
  7. Now, navigate to the Port mirroring section, and select Destination in the drop-down menu of Mirroring mode to get mirrored network traffic.
  8. Click on Apply > Ok.

Now, you can use tools such as wireshark.org to analyze the network traffic of the source machine on the destination VM.

Read: What is Port Forwarding? How do you forward Ports?

How do I set up port mirroring?

If you want to configure port mirroring in Hyper-V, you first need a virtual switch that supports NAT. Once done, you can make one or more virtual machine(s) the source, the one whose traffic we will be monitoring, and the other VM as the destination, where we are going to monitor the traffic.

Read: Error applying Virtual Switch Properties changes in Hyper-V

On which device is port mirroring configured?

Port mirroring is configured on your network devices such as switches and routers. It can duplicate traffic from one source’s port to that of the destination for monitoring and analysis purposes.

Also Read: Use Hyper-V in Windows 11.

Yusuf@TWC

Yusuf is an Engineering graduate from Delhi. He has written over 1000 technical articles and has knowledge of programming languages including Java, and C++, and technologies such as Oracle 12C and MsSQL. Troubleshooting Windows is his favorite past-time.