Re: KVM networking issue

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Hi Mike,

Thanks for the info. I'd rather run monitoring such as tcpdump from
the VM if possible and not the host as a simulation of a network
appliance and with the intent eventually of giving others access to
the VM and not the host. Here is the xml file for the private network:

<!--
WARNING: THIS IS AN AUTO-GENERATED FILE. CHANGES TO IT ARE LIKELY TO BE
OVERWRITTEN AND LOST. Changes to this xml configuration should be made using:
  virsh net-edit virbr1
or other application using the libvirt API.
-->

<network>
  <name>virbr1</name>
  <uuid>####</uuid>
  <forward mode='nat'/>
  <bridge name='virbr1' stp='on' delay='0' />
  <mac address='52:54:00:##:##:##'/>
  <ip address='192.168.100.1' netmask='255.255.255.0'>
  </ip>
</network>

There are two VMs connected to this interface, and the monitoring or
"appliance" VM is connected to both this and the external interface.

Please let me know if I can provide more info that will be relevant.

Thanks,

Kevin

On Tue, Mar 22, 2016 at 9:41 AM, Mike - st257 <silvertip257@xxxxxxxxx> wrote:
> On Mon, Mar 21, 2016 at 1:33 PM, Kevin Ross <sedecim@xxxxxxxxx> wrote:
>>
>> Hi folks,
>>
>> I posted this question to the KVM list, but I thought I'd try here
>> too--sorry if this is the wrong place to post this, can you please
>> direct me to the correct forum or list if so, thanks!
>>
>> I'm working on a network security project, using KVM installed on
>> CentOS 6.7 through yum. I have a VM with the goal of using this as a
>> network appliance, and two other VMs, one simulating an attack node
>> and the other simulating a vulnerable webapp. These are all connected
>> to the same internal private network set up in KVM. The idea with the
>> network appliance VM is to have it act as if it's connected to a
>> network tap so it can see the traffic between the other two VMs. I'm
>> not able to see the traffic currently and would appreciate your help
>> or suggestions to see if this is possible and how I can set this up if
>
>
> From the KVM host you should be able to point tcpdump at the vnetX
> interfaces and sniff.
> I've had to do this on occasion (with a bridged network setup) when a web
> hosting VM was being brute forced.
>
>>
>> so. I came across some information online suggesting to have the
>> interfaces in promiscuous mode, including the virtual NIC for the
>> private network, and I've tried all combinations. Thanks for any help
>> you can offer!
>
>
> Start by determining what interface your VM is attached to.
>
> We have no idea the network layout of your KVM set up for VMs either.
> Look at the XML for your VM to determine which interface it's tied to.
>
> --
> ---~~.~~---
> Mike
> //  SilverTip257  //
>
> _______________________________________________
> CentOS-virt mailing list
> CentOS-virt@xxxxxxxxxx
> https://lists.centos.org/mailman/listinfo/centos-virt
>



-- 
sedecim@xxxxxxxxx
_______________________________________________
CentOS-virt mailing list
CentOS-virt@xxxxxxxxxx
https://lists.centos.org/mailman/listinfo/centos-virt



[Index of Archives]     [CentOS Users]     [Linux Media]     [Asterisk]     [DCCP]     [Netdev]     [X.org]     [Xfree86]     [Linux USB]

  Powered by Linux