WARNING - OLD ARCHIVES

This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
xen-users

RE: [Xen-users] Missing packets on Dom0 when sniffing bridge with wiresh

To: <deshantm@xxxxxxxxx>
Subject: RE: [Xen-users] Missing packets on Dom0 when sniffing bridge with wireshark/tethreal
From: Paul Nader <paul.nader@xxxxxxxxx>
Date: Mon, 4 Feb 2008 11:04:30 +0100
Cc: xen-users@xxxxxxxxxxxxxxxxxxx
Delivery-date: Mon, 04 Feb 2008 02:05:05 -0800
In-reply-to: <1e16a9ed0802011803o4303082eifbe7b367c429c572@xxxxxxxxxxxxxx>
References: <003a01c86458$08de5fb0$2201a8c0@fuertes> <1e16a9ed0802011803o4303082eifbe7b367c429c572@xxxxxxxxxxxxxx>

Hi Todd,

 

Yes, that’s interesting… but ARP spoofing sounds a bit of a hack, and I’m sure I can get the bridge to act as a hub for one of the DomU’s incoming packets, which is really what I basically need to achieve. ARP spoofing may work but may be inappropriate for a production environment.

 

I tried modifying Dom0’s iptables entries yesterday without much success. I basically have:

 

[root@pstnserver ~]# iptables -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination
ACCEPT     udp  --  anywhere             anywhere            udp dpt:domain
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:domain
ACCEPT     udp  --  anywhere             anywhere            udp dpt:bootps
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:bootps

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination
ACCEPT     all  --  anywhere             192.168.122.0/24    state RELATED,ESTABLISHED
ACCEPT     all  --  192.168.122.0/24     anywhere
ACCEPT     all  --  anywhere             anywhere
REJECT     all  --  anywhere             anywhere            reject-with icmp-port-unreachable
REJECT     all  --  anywhere             anywhere            reject-with icmp-port-unreachable
ACCEPT     all  --  anywhere             anywhere            PHYSDEV match --physdev-in vif1.0
ACCEPT     all  --  anywhere             anywhere            PHYSDEV match --physdev-in vif1.1
ACCEPT     all  --  anywhere             anywhere            PHYSDEV match --physdev-in vif2.1
ACCEPT     all  --  anywhere             anywhere            PHYSDEV match --physdev-in vif2.0
ACCEPT     all  --  anywhere             anywhere            PHYSDEV match --physdev-in vif3.0
ACCEPT     all  --  anywhere             anywhere            PHYSDEV match --physdev-in vif3.1

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
[root@pstnserver ~]#

 

The DomU I want to get all packets uses vif3.0, so I was hoping that if I modify the appropriate entry it would work. Problem is I don’t know at this stage what I should modify it to ;) (not much of an iptables person myself). I suspect I may need to turn on IPv4 forwarding on Dom0 too.

 

Any ideas?

 

Thanks, Paul
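The "bridge as a hub" behaviour discussed above (every frame flooded to all vifs, so a capture on vif3.0 sees Dom1's SIP traffic) is what `brctl setageing <bridge> 0` gives you; the FORWARD chain's physdev rules only accept or drop frames and cannot duplicate them to another port. The script below is an added example, not from this thread; it assumes a bridge named xenbr1 (hypothetical) and drives the same sysfs attributes brctl uses, with SYSFS overridable so it can be exercised against a constructed directory tree.

```shell
#!/bin/sh
# Inspect and toggle "hub mode" on a Linux bridge through sysfs.
# SYSFS defaults to the live kernel tree; point it elsewhere to test.
SYSFS="${SYSFS:-/sys}"

# List the bridge ports (the vifN.M names), one per line.
bridge_ports() {
    for p in "$SYSFS/class/net/$1/brif"/*; do
        [ -e "$p" ] || continue
        basename "$p"
    done
}

# Is a given port (e.g. vif3.0) attached to this bridge?
bridge_has_port() {
    [ -d "$SYSFS/class/net/$1/brif/$2" ]
}

# Current ageing time in centiseconds (kernel user-HZ units);
# `brctl showstp` prints this value divided by 100 as seconds.
bridge_ageing() {
    cat "$SYSFS/class/net/$1/bridge/ageing_time"
}

# Hub mode: with ageing time 0 learned MAC entries are treated as
# expired, so the bridge has no port for any destination and floods
# each frame to all ports (the classic `brctl setageing <br> 0` trick).
bridge_is_hub() {
    [ "$(bridge_ageing "$1")" -eq 0 ]
}

# Equivalent of `brctl setageing <br> 0`; writing needs root.
bridge_set_hub() {
    echo 0 > "$SYSFS/class/net/$1/bridge/ageing_time"
}

# Restore normal MAC learning (kernel default is 300 s, i.e. 30000).
bridge_unset_hub() {
    echo "${2:-30000}" > "$SYSFS/class/net/$1/bridge/ageing_time"
}
```

Hub mode sends every DomU's traffic to every vif, so switch it back off with `bridge_unset_hub` once the capture is done.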


From: Todd Deshane [mailto:deshantm@xxxxxxxxx]
Sent: Saturday, 02 February 2008 3:04
To: Paul Nader
Cc: xen-users@xxxxxxxxxxxxxxxxxxx
Subject: Re: [Xen-users] Missing packets on Dom0 when sniffing bridge with wireshark/tethreal

 

 

On Jan 31, 2008 5:24 PM, Paul Nader <paul.nader@xxxxxxxxx> wrote:

Hi,

 

I have a Centos5 machine running xen 3.0.3-41 with two NICs each on its own subnet: 192.168.1.x and 192.168.0.x. All DomUs can talk to each other OK through two xen bridges. There are 3 DomUs: Dom0, Dom1 and Dom2

 

The scenario:

 

I'm trying to capture packets on Dom2 on 192.168.0.x from external devices that are sending SIP stuff to Dom1, but fail to capture any packets. I can only capture them if I run tethereal on Dom1. I'm setting the interface to collect in promiscuous mode, enabled all protocols, etc.

 

I can however capture ICMP and ARP packets on Dom2 on 192.168.0.x when I ping Dom1.

 

Is there anything I need to do to make the bridge assigned to 192.168.0.x relay _all_ packets to _all_ DomUs?

 

I'm not sure if there is a direct way to do this. If I were you I would look into brctl and also find out if the bridge can be made to act like a hub.

I wonder if ARP spoofing [1] (i.e. an arp bomb) as suggested in [2] could work?


[1] http://en.wikipedia.org/wiki/ARP_spoofing
[2] http://lists.xensource.com/archives/html/xen-users/2005-04/msg00284.html



 

Thanks for any help,

 

Paul.

 


_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-users
