Skip to Main Content

sniffing traffic between two or three hosts in virtual network

Vladimir KunschikovApr 23 2019 — edited Apr 29 2019

Hello,

I am using the following Oracle Virtualization system:

Oracle VM Manager

Version: 3.4.1.1369

Build: 20160405_1369

and  bumped into the following problem:  traffic goes to the target interfaces only, so there is no possibility to sniff it.

I can't pass any traffic to the host which is running on the vmserver from the server pool regardless of the network type - whether network was created with bond/port or local.

Simplified cases are here below, the following simple scenarios:

  1. Two linux hosts, two interfaces in the same network. One is running tcpreplay of some PCAP-file,  the second is running tcpdump. There is no any other hosts on this network. both of the interfaces are without any IP. Result: only some percents of the traffic are read by the tcpdump. It should be noted, that the same configuration on other vendor's virtualization systems require some tweaks to allow proper promiscuous mode on the interface. Seems like vm manager console lacks option like  `create vnic name=.. network=.. promiscuous=yes on vm id=..`.
  2. Three hosts, three interfaces, two of them has IPv4 adresses - 1.2.3.4 and 1.2.3.6. Doing scp of the file from the first to the second one. File transmission goes without any errors with reasonable speed. Third host with iface in the same network is doing tcpdump of the network. There is only one packet from the very start of the scp renegotiation is seen by the tcpdump.

I tried tcpreplay directly to and tcpdump directly from the vif* interfaces on the virtual server. The results are somewhat interesting: replay is passing all of the traffic to the virtual host, but the tcpdump from the vif* iface writes about 99% percent packets  'dropped by kernel'.

The question is: how to grab any traffic, local or not, by the interface running by the system in the virtual host? And, if it is not possible,  how to pci-bypass physical interface to the virtual guest?

Thanks for the attention.

Comments
Post Details
Added on Apr 23 2019
2 comments
422 views