
RE: [Xen-users] Missing packets on Dom0 when sniffing bridge with wireshark/tethreal


  • To: <deshantm@xxxxxxxxx>
  • From: Paul Nader <paul.nader@xxxxxxxxx>
  • Date: Mon, 4 Feb 2008 11:04:30 +0100
  • Cc: xen-users@xxxxxxxxxxxxxxxxxxx
  • Delivery-date: Mon, 04 Feb 2008 02:05:05 -0800
  • List-id: Xen user discussion <xen-users.lists.xensource.com>

Hi Todd,

 

Yes, that’s interesting… but ARP spoofing sounds a bit of a hack, and I’m sure I can get the bridge to act as a hub for one of the DomU’s incoming packets, which is really what I basically need to achieve. ARP spoofing may work but may be inappropriate for a production environment.

 

I tried modifying Dom0’s iptables entries yesterday without much success. I basically have:

 

[root@pstnserver ~]# iptables -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination
ACCEPT     udp  --  anywhere             anywhere            udp dpt:domain
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:domain
ACCEPT     udp  --  anywhere             anywhere            udp dpt:bootps
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:bootps

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination
ACCEPT     all  --  anywhere             192.168.122.0/24    state RELATED,ESTABLISHED
ACCEPT     all  --  192.168.122.0/24     anywhere
ACCEPT     all  --  anywhere             anywhere
REJECT     all  --  anywhere             anywhere            reject-with icmp-port-unreachable
REJECT     all  --  anywhere             anywhere            reject-with icmp-port-unreachable
ACCEPT     all  --  anywhere             anywhere            PHYSDEV match --physdev-in vif1.0
ACCEPT     all  --  anywhere             anywhere            PHYSDEV match --physdev-in vif1.1
ACCEPT     all  --  anywhere             anywhere            PHYSDEV match --physdev-in vif2.1
ACCEPT     all  --  anywhere             anywhere            PHYSDEV match --physdev-in vif2.0
ACCEPT     all  --  anywhere             anywhere            PHYSDEV match --physdev-in vif3.0
ACCEPT     all  --  anywhere             anywhere            PHYSDEV match --physdev-in vif3.1

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
[root@pstnserver ~]#

 

The DomU I want to get all packets uses vif3.0, so I was hoping that if I modify the appropriate entry it would work. The problem is I don’t know at this stage what I should modify it to ;) (not much of an iptables person myself). I suspect I may need to turn ipv4 forwarding on on Dom0 too.

 

Any ideas?

 

Thanks, Paul


From: Todd Deshane [mailto:deshantm@xxxxxxxxx]
Sent: Saturday, 02 February 2008 3:04
To: Paul Nader
Cc: xen-users@xxxxxxxxxxxxxxxxxxx
Subject: Re: [Xen-users] Missing packets on Dom0 when sniffing bridge with wireshark/tethreal

 

 

On Jan 31, 2008 5:24 PM, Paul Nader <paul.nader@xxxxxxxxx> wrote:

Hi,

 

I have a Centos5 machine running xen 3.0.3-41 with two NICs each on its own subnet: 192.168.1.x and 192.168.0.x. All DomUs can talk to each other OK through two xen bridges. There are 3 DomUs: Dom0, Dom1 and Dom2

 

The scenario:

 

I'm trying to capture packets on Dom2 on 192.168.0.x from external devices that are sending SIP stuff to Dom1, but fail to capture any packets. I can only capture them if I run tethereal on Dom1. I'm setting the interface to collect in promiscuous mode, enabled all protocols, etc.

 

I can however capture ICMP and ARP packets on Dom2 on 192.168.0.x when I ping Dom1.

 

Is there anything I need to do to make the bridge assigned to 192.168.0.x relay _all_ packets to _all_ DomUs?

 

I'm not sure if there is a direct way to do this. If I were you I would look into brctl and also find out if the bridge can be made to act like a hub.

I wonder if ARP spoofing [1] (i.e. an arp bomb) as suggested in [2] could work?


[1] http://en.wikipedia.org/wiki/ARP_spoofing
[2] http://lists.xensource.com/archives/html/xen-users/2005-04/msg00284.html



 

Thanks for any help,

 

Paul.

 


_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-users
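
Added example, not part of the original thread: a small Python model of a learning bridge, showing why a capture on another DomU's vif sees the broadcast ARP but not the unicast SIP, and how that changes when learned entries expire immediately (ageing time 0, the setting `brctl setageing <bridge> 0` controls on a Linux bridge). Port names, MAC addresses and the traffic list are constructed sample values.

```python
# Added illustration: minimal model of an Ethernet learning bridge.
# Port names, MACs and traffic below are constructed, not from the thread.
BROADCAST = "ff:ff:ff:ff:ff:ff"


class LearningBridge:
    def __init__(self, ports, ageing=300):
        self.ports = list(ports)
        self.ageing = ageing   # seconds a learned MAC stays valid
        self.fdb = {}          # forwarding database: MAC -> (port, time learned)

    def forward(self, in_port, src, dst, now):
        """Return the list of ports the frame is sent out of."""
        self.fdb[src] = (in_port, now)          # learn where the sender lives
        entry = self.fdb.get(dst)
        if entry and now - entry[1] >= self.ageing:
            del self.fdb[dst]                   # entry aged out
            entry = None
        if dst == BROADCAST or entry is None:
            # broadcast or unknown destination: flood to every other port
            return [p for p in self.ports if p != in_port]
        # known unicast destination: deliver to that single port only
        return [] if entry[0] == in_port else [entry[0]]


def sniffer_view(ageing):
    """Labels of the sample frames that reach a capture on vif_dom2."""
    br = LearningBridge(["eth1", "vif_dom1", "vif_dom2"], ageing)
    phone, dom1 = "00:00:5e:00:53:01", "00:16:3e:00:00:01"
    traffic = [  # (time, ingress port, src MAC, dst MAC, label)
        (0, "eth1", phone, BROADCAST, "ARP who-has dom1"),
        (1, "vif_dom1", dom1, phone, "ARP reply"),
        (2, "eth1", phone, dom1, "SIP INVITE"),
        (3, "vif_dom1", dom1, phone, "SIP 200 OK"),
    ]
    seen = []
    for t, port, src, dst, label in traffic:
        if "vif_dom2" in br.forward(port, src, dst, t):
            seen.append(label)
    return seen


if __name__ == "__main__":
    print("ageing=300:", sniffer_view(300))  # switch behaviour
    print("ageing=0:  ", sniffer_view(0))    # hub-like flooding
```

With the default ageing time the sniffer port only receives the flooded broadcast; with ageing 0 every frame is flooded, which is the hub-like behaviour asked about in the thread.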

 
