Mustafa Karci
2013-Mar-01 08:51 UTC
XCP 1.6 doesn't pass through all traffic to (tcpdump) snort
Hi all,

I have been having trouble with the traffic flow on XCP 1.6 and XCP 0.5.

- I have 4 servers in VLAN2 on ports b12, b13, b14, b15 (these servers work on XCP 0.5).
- On port a3 I have mirrored all ports from a1, a2, a4-b24.
- I have another HP server with XCP 1.6 (Debian 6.0.6 as host) and installed snort. It has 2 Ethernet cards in it. eth0 is plugged into the VLAN2 network and configured with an IP, and eth1 is in the a3 mirror port. eth1 is not configured with any IP address. It is only for listening.
- I have an AP in VLAN 4 on port a13.
- And 8 other VLANs for other purposes.

     a1 |  a3        a13         b12   b14          b23
    |--------------------------------------------------|
    |   VLAN1        LAN3        VLAN2                 |
    |--------------------------------------------------|   HP switch
    |                            VLAN2                 |
    |--------------------------------------------------|
     a2 |  a4                    b13   b15          b24

Now the problem:

When I install snort on the a3 mirror port I do not get ICMP packets. I tried tcpdump -n -i eth1 proto ICMP and pinged in VLAN 2 from one server to the other, but without success. I also tried tcpdump on the XCP 1.6 host, ''tcpdump -n -i eth1 proto ICMP'', no success. I also tried this with xenbr1 and vif2.5 but am still not getting any ICMP packets through.

So I tried the Xen bridge - promiscuous mode:

    brctl setageing xenbr1 0
    ifconfig eth1 promisc

Still not working. I tried this also with

    pif-param-set uuid=xxxxxxxx other-config:promiscous=´on´

and

    vif-param-set uuid = xxxxxxx other-config:promiscous=´on´

Still I cannot see any ICMP packets getting through the XCP 1.6 server.

I plugged in a laptop with Ubuntu 12.04 and gave the same tcpdump -n -i eth1 proto ICMP, and with this I see all the ICMP packets coming through.

What I see is the following.

When I ping in the VLAN 2 network from one server to the other I do not get any ICMP packets on the XCP 1.6, but when I ping from the VLAN 2 server to the switch I get only the request from x.x.x.x -> x.x.x.x. With my own PC I'm in the company's network; I have added a route to these testing servers. But when I ping from the VLAN 2 server to my own PC I see the ICMP request and reply.

Output of brctl show:

    xenbr0    0000.e4115b0db5b4    no    eth0
                                         vif2.3
    xenbr1    0000.e4115b0db5b5    no    eth1
                                         vif2.5

Output of pif-param-list uuid=xxxxxxxx:

    device ( RO): eth1
    MAC ( RO): xx:xx:xx:xx:xx:
    physical ( RO): true
    currently-attached ( RO): true
    MTU ( RO): 1500
    VLAN ( RO): -1
    bond-master-of ( RO):
    bond-slave-of ( RO): <not in database>
    tunnel-access-PIF-of ( RO):
    tunnel-transport-PIF-of ( RO):
    management ( RO): false
    network-uuid ( RO): xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
    network-name-label ( RO): Pool-wide network associated with eth1
    host-uuid ( RO): xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
    host-name-label ( RO): test
    IP-configuration-mode ( RO): None
    IP ( RO):
    netmask ( RO):
    gateway ( RO):
    IPv6-configuration-mode ( RO): None
    IPv6 ( RO):
    IPv6-gateway ( RO):
    Primary-address-type ( RO): IPv4
    DNS ( RO):
    io_read_kbs ( RO): 7.491
    io_write_kbs ( RO): 0.000
    carrier ( RO): true
    vendor-id ( RO): 8086
    vendor-name ( RO): Intel Corporation
    device-id ( RO): 10d3
    device-name ( RO): 82574L Gigabit Network Connection
    speed ( RO): 1000 Mbit/s
    duplex ( RO): full
    disallow-unplug ( RW): false
    pci-bus-path ( RO): 0000:03:00.0
    other-config (MRW): promiscous=on

On the interface vif2.5 I see a lot of packet loss:

    vif2.5 Link encap:Ethernet HWaddr xx:xx:xx:xx:xx
           UP BROADCAST RUNNING NOARP PROMISC MTU:1500 Metric:1
           RX packets:6 errors:0 dropped:0 overruns:0 frame:0
           TX packets:2199450 errors:0 *dropped:32233* overruns:0 carrier:0
           collisions:0 txqueuelen:32
           RX bytes:384 (384.0 b) TX bytes:327882492 (312.6 MiB)

So what am I doing wrong?

Kind regards,
MK

_______________________________________________
Xen-users mailing list
Xen-users@lists.xen.org
http://lists.xen.org/xen-users