On Sun, Mar 20, 2016 at 05:41:15PM -0500, Kevin Ross wrote: > I'm working on a network security project, using KVM installed on > CentOS 6.7 through yum. I have a VM with the goal of using this as a > network appliance, and two other VMs, one simulating an attack node > and the other simulating a vulnerable webapp. These are all connected > to the same internal private network set up in KVM. The idea with the > network appliance VM is to have it act as if it's connected to a > network tap so it can see the traffic between the other two VMs. I'm > not able to see the traffic currently and would appreciate your help > or suggestions to see if this is possible and how I can set this up if > so. I came across some information online suggesting to have the > interfaces in promiscuous mode, including the virtual NIC for the > private network, and I've tried all combinations. Thanks for any help > you can offer! A network appliance VM isn't necessary if you just want to capture traffic between two VMs. You could capture traffic on the bridge interface on the host instead. But if you do want an appliance VM then it could have two NICs, one connected to each VM. You can set up a software bridge inside the network appliance to forward traffic between the two NICs. This will give you the ability to capture traffic by tcpdumping the NICs or the bridge interface inside the appliance. Stefan
Attachment:
signature.asc
Description: PGP signature