Paul Nader
2008-Jan-31 22:24 UTC
[Xen-users] Missing packets on Dom0 when sniffing bridge with wireshark/tethreal
Hi,

I have a Centos5 machine running xen 3.0.3-41 with two NICs each on its own subnet: 192.168.1.x and 192.168.0.x. All DomUs can talk to each other OK through two xen bridges. There are 3 DomUs: Dom0, Dom1 and Dom2.

The scenario:

I'm trying to capture packets on Dom2 on 192.168.0.x from external devices that are sending SIP stuff to Dom1, but fail to capture any packets. I can only capture them if I run tethereal on Dom1. I'm setting the interface to collect in promiscuous mode, enabled all protocols, etc.

I can however capture ICMP and ARP packets on Dom2 on 192.168.0.x when I ping Dom1.

Is there anything I need to do to make the bridge assigned to 192.168.0.x relay _all_ packets to _all_ DomUs?

Thanks for any help,

Paul.

_______________________________________________
Xen-users mailing list
Xen-users@lists.xensource.com
http://lists.xensource.com/xen-users
Todd Deshane
2008-Feb-02 02:03 UTC
Re: [Xen-users] Missing packets on Dom0 when sniffing bridge with wireshark/tethreal
On Jan 31, 2008 5:24 PM, Paul Nader <paul.nader@gmail.com> wrote:

> Hi,
>
> I have a Centos5 machine running xen 3.0.3-41 with two NICs each on its
> own subnet: 192.168.1.x and 192.168.0.x. All DomUs can talk to each other
> OK through two xen bridges. There are 3 DomUs: Dom0, Dom1 and Dom2
>
> The scenario:
>
> I'm trying to capture packets on Dom2 on 192.168.0.x from external devices
> that are sending SIP stuff to Dom1, but fail to capture any packets. I can
> only capture them if I run tethereal on Dom1. I'm setting the interface to
> collect in promiscuous mode, enabled all protocols, etc.
>
> I can however capture ICMP and ARP packets on Dom2 on 192.168.0.x when I
> ping Dom1.
>
> Is there anything I need to do to make the bridge assigned to 192.168.0.x
> relay _*all*_ packets to _*all*_ DomUs?

I'm not sure if there is a direct way to do this. If I were you I would look into brctl and also find out if the bridge can be made to act like a hub.

I wonder if ARP spoofing [1] (i.e. an arp bomb) as suggested in [2] could work?

[1] http://en.wikipedia.org/wiki/ARP_spoofing
[2] http://lists.xensource.com/archives/html/xen-users/2005-04/msg00284.html

> Thanks for any help,
>
> Paul.
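Added example, not part of the thread or of Xen's or the Linux bridge's code: a simplified model of a learning bridge showing why a sniffer on Dom2's port sees the broadcast ARP but not the unicast SIP sent to Dom1, and what changes when learned entries are never used (hub-like flooding). The MAC addresses, port names and frame sequence are constructed for illustration.

```python
BROADCAST = "ff:ff:ff:ff:ff:ff"
# Constructed MAC addresses and port names (hypothetical, not from the thread).
PHONE, DOM1 = "00:00:5e:00:53:01", "00:16:3e:00:00:01"
UPLINK, VIF_DOM1, VIF_DOM2 = "uplink", "vif-dom1", "vif-dom2"

# Constructed frame sequence: (label, time in s, ingress port, src MAC, dst MAC)
FRAMES = [
    ("arp-request", 0.0, UPLINK, PHONE, BROADCAST),
    ("arp-reply", 1.0, VIF_DOM1, DOM1, PHONE),
    ("sip-invite", 2.0, UPLINK, PHONE, DOM1),
]


class LearningBridge:
    """Simplified forwarding model: learn source MACs, flood what is unknown."""

    def __init__(self, ports, ageing=300.0):
        self.ports = set(ports)
        self.ageing = ageing  # seconds a learned entry stays usable; 0 = never
        self.fdb = {}         # MAC -> (port, time learned)

    def forward(self, in_port, src, dst, now):
        """Return the set of ports the frame is sent out of."""
        self.fdb[src] = (in_port, now)  # learn where the sender lives
        entry = self.fdb.get(dst)
        if dst != BROADCAST and entry and now - entry[1] < self.ageing:
            out = {entry[0]}            # known unicast: one port only
        else:
            out = set(self.ports)       # broadcast or unknown: flood
        return out - {in_port}


def sniffer_view(ageing, sniff_port=VIF_DOM2):
    """Labels of the constructed frames that reach the sniffer's port."""
    bridge = LearningBridge([UPLINK, VIF_DOM1, VIF_DOM2], ageing)
    seen = []
    for label, now, in_port, src, dst in FRAMES:
        if sniff_port in bridge.forward(in_port, src, dst, now):
            seen.append(label)
    return seen


if __name__ == "__main__":
    print("ageing=300:", sniffer_view(300.0))  # learning bridge
    print("ageing=0:  ", sniffer_view(0.0))    # hub-like flooding
```

On a Linux bridge the corresponding setting is the ageing time (`brctl setageing`); at 0, learned entries never apply and every frame is flooded to all ports, as in the second call.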
Paul Nader
2008-Feb-04 10:04 UTC
RE: [Xen-users] Missing packets on Dom0 when sniffing bridge with wireshark/tethreal
Hi Todd,

Yes, that's interesting but ARP spoofing sounds a bit of a hack, and I'm sure I can get the bridge to act as a hub for one of the DomU's incoming packets, which is really what I basically need to achieve. ARP spoofing may work but may be inappropriate for a production environment.

I tried modifying Dom0's iptables entries yesterday without much success. I basically have:

[root@pstnserver ~]# iptables -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination
ACCEPT     udp  --  anywhere             anywhere            udp dpt:domain
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:domain
ACCEPT     udp  --  anywhere             anywhere            udp dpt:bootps
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:bootps

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination
ACCEPT     all  --  anywhere             192.168.122.0/24    state RELATED,ESTABLISHED
ACCEPT     all  --  192.168.122.0/24     anywhere
ACCEPT     all  --  anywhere             anywhere
REJECT     all  --  anywhere             anywhere            reject-with icmp-port-unreachable
REJECT     all  --  anywhere             anywhere            reject-with icmp-port-unreachable
ACCEPT     all  --  anywhere             anywhere            PHYSDEV match --physdev-in vif1.0
ACCEPT     all  --  anywhere             anywhere            PHYSDEV match --physdev-in vif1.1
ACCEPT     all  --  anywhere             anywhere            PHYSDEV match --physdev-in vif2.1
ACCEPT     all  --  anywhere             anywhere            PHYSDEV match --physdev-in vif2.0
ACCEPT     all  --  anywhere             anywhere            PHYSDEV match --physdev-in vif3.0
ACCEPT     all  --  anywhere             anywhere            PHYSDEV match --physdev-in vif3.1

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
[root@pstnserver ~]#

The DomU I want to have get all packets uses vif3.0 so I was hoping that if I modify the appropriate entry it would work. Problem is I don't know at this stage what I should modify it to ;) (not much of an iptables person myself). I suspect I may need to turn ipv4 forwarding on on Dom0 too.

Any ideas?

Thanks,

Paul