Re: [Xen-users] Missing packets on Dom0 when sniffing bridge wit

To:	"Paul Nader" <paul.nader@xxxxxxxxx>
Subject:	Re: [Xen-users] Missing packets on Dom0 when sniffing bridge with wireshark/tethreal
From:	"Todd Deshane" <deshantm@xxxxxxxxx>
Date:	Fri, 1 Feb 2008 21:03:42 -0500
Cc:	xen-users@xxxxxxxxxxxxxxxxxxx
Delivery-date:	Fri, 01 Feb 2008 18:04:15 -0800
Dkim-signature:	v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:received:received:message-id:date:from:reply-to:to:subject:cc:in-reply-to:mime-version:content-type:references; bh=ZVcR8vVk/yviiOQpOJFjnU45JR/vq2mEYgAYNH4+so4=; b=hP/UX/6oJYola4y/emVl18TLx2eSjlxCGiAEfnp99mvWvOVIgbs942rTHWrjHtTnn+PKeOf+XDr+sr7cPuvvwUyPZ3VvZPZuFPgBKOR/mTER9tzsehk10wWTyuZs6+iKuIngiw0tq7erYHiFHDDSufYhQvtBCpLMb/s6gEp8J9I=
Domainkey-signature:	a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=message-id:date:from:reply-to:to:subject:cc:in-reply-to:mime-version:content-type:references; b=W2PCdbOQOY43v0x304avK5paCZCQ1he8y2H7ud6Go7/xDaXuGw85lOgspHuUiypWrWp1N+eDTiJDJAYcKn2PTDTAnFNdHOv5HnNk222VU4WuwvPCsu9c1tnmKAvoCO8PFCgTH9ZWmxvNwXATWiiaJCn3AdlIUuZB8szfVGmAHvs=
Envelope-to:	www-data@xxxxxxxxxxxxxxxxxx
In-reply-to:	<003a01c86458$08de5fb0$2201a8c0@fuertes>
List-help:	<mailto:xen-users-request@lists.xensource.com?subject=help>
List-id:	Xen user discussion <xen-users.lists.xensource.com>
List-post:	<mailto:xen-users@lists.xensource.com>
List-subscribe:	<http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-users>, <mailto:xen-users-request@lists.xensource.com?subject=subscribe>
List-unsubscribe:	<http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-users>, <mailto:xen-users-request@lists.xensource.com?subject=unsubscribe>
References:	<003a01c86458$08de5fb0$2201a8c0@fuertes>
Reply-to:	deshantm@xxxxxxxxx
Sender:	xen-users-bounces@xxxxxxxxxxxxxxxxxxx

On Jan 31, 2008 5:24 PM, Paul Nader <paul.nader@xxxxxxxxx> wrote:

Hi,

I have a Centos5 machine running xen 3.0.3-41 with two NICs each on its own subnet: 192.168.1.x and 192.168.0.x. All DomUs can talk to each other OK through two xen bridges. There are 3 DomUs: Dom0, Dom1 and Dom2

The scenario:

I'm trying to capture packets on Dom2 on 192.168.0.x from external devices that are sending SIP stuff to Dom1, but fail to capture any packets. I can only capture them if I run tethereal on Dom1. I'm setting the interface to collect in promiscuous mode, enabled all protocols, etc.

I can however capture ICMP and ARP packets on Dom2 on 192.168.0.x when I ping Dom1.

Is there anything I need to do to make the bridge assigned to 192.168.0.x relay _all_ packets to _all_ DomUs?

I'm not sure if there is a direct way to do this. If I was you I would looking into brctl and also find out if the bridge can be made to act like a hub.

I wonder if ARP spoofing [1] (i.e. an arp bomb) as suggested in [2] could work?

[1] http://en.wikipedia.org/wiki/ARP_spoofing
[2] http://lists.xensource.com/archives/html/xen-users/2005-04/msg00284.html

Thanks for any help,

Paul.

_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-users

_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-users

WARNING - OLD ARCHIVES

xen-users

Re: [Xen-users] Missing packets on Dom0 when sniffing bridge with wiresh