I know VirtualBox can configure bridge adpater and open promisc options, it will get all packets that the host machine gets.
But if I want do some specific test, like run DPDK in VirtualBox. How can I replay pcap file to virtual machine's nic so the DPDK program can receive those packets?
In KVM-QEMU each virtual (not SRIOV/VF) port of quest has an equivalent port representation on host os. This is same interface you add to host Bridge.
To identify the port representation, use brctl show to identify the host NIC.
To send packets to interface, use tcpreplay/pktgen/ping/arping.
To observe packets on the host for traffic coming from guest port, tcpdump -eni [interface on host] -Q in
Related
I am running server and client in same system. TCP protocol is used for communication between them. In a scenario where client wants to send packet to server, will it go through network infra (i.e. router, internet etc) and come to server or will it manage transfer within system and ignore network.
If you are on the server, any communication you initiate to IP addresses also on the same server will never leave the server.
You can test by installing tcpdump then running from the console/keyboard/mouse:
tcpdump -n -i enp0s5 not arp
Do not generate network traffic. Try to ssh to your account on IP 127.0.0.1 (e.g. risner#127.0.0.1).
Also try to initiate ssh to another host on the network.
Nothing should show on tcpdump, so that indicates it is not leaving the machine.
Folks,
I have a Ubuntu machine connected to the Internet through wireless (wlan0), and I am sharing this connection to my Ethernet port (eth1). Then, I have this Ethernet port connected to a switch, and two windows machine connected to the same switch. So the two windows machines have a static IP from the LAN generated from the route generated from wlan0 to eth1, so that I can communicate with all 3 computers at the same time (this works since I can ssh and remote access all 3 computers).
My problem is that I when I run my LCM program (with TTL = 1) on my windows PC, I cannot receive the messages on my Ubuntu machine (meaning that the message should pass through the Ethernet). How can I make sure the UDP messages can be routed back into my Ubuntu machine from the windows machines while the wireless network is running?
This was my solution to the problem (right there on the LCM website):
sudo ifconfig eth1 multicast
sudo route add -net 224.0.0.0 netmask 240.0.0.0 dev eth1
Now all my UDP packets are routed only through eth1. And my shared network (from wlan0) is still intact after this. So all computers have internet at the same time. So great!
I am using the Virtual Box. The virtual machine is using the Host Only Network since this is the only way for Wireshark to monitor the packets sent from a VM.
Below is my virtual/host machine topology.
the Guest OS is visiting some website host on the Host OS.
Below is what I captured with Wireshark:
My question is:
Why there are only VM -> Host packets?
Where are the Host -> VM packets?
I just read about promiscuous mode can be turned on of a internet interface? So I made a small test environment, I opened 3 droplet server on digitalocean, with private networking on. so I end up with 3 server within the 10.130.x.x local network.
server1: 10.130.247.92
server2: 10.130.237.218
server3: 10.130.237.219
in server1, I'm using tshark to capture packets from eth1(private network interface) by
tshark -i eth1
And in server2, I constantly ping server1
ping 10.130.247.92
now server1 capture all the ICMP packets from server2, in the meantime, I turn on promiscuous mode of eth1 in server3
ifconfig eth1 promisc
and start to capture eth1, but I couldn't capture the ICMP packet to server1.
Why is that? I'm guessing in the network is switch based, instead of hub based, so server3 can't capture packets from server2 to sever1, even they are all in the same local network and promiscuous mode is on
Your guess that switch is the culprit is correct. Promiscuous mode means that Ethernet controller would accept packets with any destination MAC address. It does not guarantee that such packet will be sent to that controller.
Even though those hosts are on the same subnet, these days the hosts on that subnet are likely to be connected to an ethernet switch. The switch monitors incoming packets from all ports and learns behind which port it's seen particular MAC addresses. So, if box A is connected to port 0, box B, to port 1 and box C to port 2, and assuming that each host already sent at least one packet so the switch knows who's where, if A sends a packet to B, the switch will send the packet only to port 1. If you've enabled promiscuous mode on C, you will not see the packet sent from A to B.
Here's somewhat more detailed explanation how MAC learning works.
How do I set an IP address for a TUN interface on OSX? I cannot figure out how to set up an ip address for my interface without specifying a destination IP. I don't want to do that- I'm want to more or less build a tunnel to an arbitrary address at a later point in time. Prior questions which are unhelpful:
There's a question that has an unclear answer, so I tried following the reference.
This question sets a point to point ip address for a tun device, so it has a destination, which is exactly what I don't want.
On the page for osxtuntap it says:
ifconfig tap0 10.1.2.3 up
I cannot make this work on OSX 10.6 for a TUN interface:
$ sudo ifconfig tun0 10.1.2.3 up
ifconfig: ioctl (SIOCAIFADDR): Destination address required
Adding a netmask doesn't help- OSX seems to demand a destination address:
$ ifconfig tun0 10.0.0.1/24 netmask 255.255.255.0
ifconfig: ioctl (SIOCAIFADDR): Destination address required
For linux, I get how it works. According to this page, you open() the interface, and use the ip command, and do this, and I've done this before with zero issues:
$ ip link set tun0 up
$ ip addr add 10.0.0.1/24 dev tun0
All I want to do is the same thing that I can do in linux.
EDIT:
I'm writing a little UDP tunnel app. Like so:
tun1 -> udp app #1 -> udp tunnel -> udp app #2 -> tun2
If the udp apps are on different computers (let's say local and remote), I'd like to associate their respective tun devices with an ip address, so I can send a packet from local to remote via the tunnel by sending the packet to the ip address of the tun device on the remove machine.
To borrow more from the linux tutorial, the author sets up a tun device on local and remote, associates ips, and runs a simple tunneling app, and then pings the other end of the tunnel:
[remote]# ip link set tun3 up
[remote]# ip addr add 192.168.0.2/24 dev tun3
[remote]$ ./simpletun -i tun3 -s
# server blocks waiting for the client to connect
[local]# ip link set tun11 up
[local]# ip addr add 192.168.0.1/24 dev tun11
[local]$ ./simpletun -i tun11 -c 10.2.3.4
# nothing happens, but the peers are now connected
[local]$ ping 192.168.0.2
By default, tun devices operate in the layer 3 mode, aka point to point. You're asking for layer 2 mode which more closely resembles a generic Ethernet device. Linux calls these tap devices. In OpenBSD you can switch a tun device into layer 2 mode with "ifconfig tun0 link0". The Macintosh tuntaposx driver mimics Linux' device schism; open a tap device instead.
You might want to review https://community.openvpn.net/openvpn/wiki/BridgingAndRouting to determine if you really want tap devices. They add a little overhead. If you just need two boxes to pass IP packets between each other and no bridging or broadcasting to a larger subnet, point to point should be sufficient.
For example, if you have two machines, one we label "local" with a LAN IP address like 192.168.0.12 and another we label "remote" with a LAN IP address like 192.168.1.14, you can assign tunnel IP addresses thusly:
ifconfig tun0 inet 10.0.0.1 10.0.0.2 up
on the local system, and:
ifconfig tun0 inet 10.0.0.2 10.0.0.1 up
on the remote system. Note the reversed perspective on the remote machine. Do not set your point to point addresses to anything on an existing subnet; it will not route properly.
I can't stress this enough: read and re-read the manual pages ("man ifconfig" and "man tun", probably others) until they make sense. My ifconfig examples above may differ slightly from your operating system.
And for another perspective you might look into GRE tunnels as their functionality mirrors what you describe for your program. However, GRE is likely not viable in today's TCP-centric networks nor is it a good idea due to major security issues.
If your goal is to circumvent an overbearing firewall, be aware that many such firewalls block UDP (and especially GRE) packets. In such a case, try SSH interface tunneling to set up tun/tap interfaces and forward packets. You get encryption and optionally compression as well. :)