<div dir="ltr">On Mon, Mar 21, 2016 at 1:33 PM, Kevin Ross <span dir="ltr"><<a href="mailto:sedecim@gmail.com" target="_blank">sedecim@gmail.com</a>></span> wrote:<br><div class="gmail_extra"><div class="gmail_quote"><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex">Hi folks,<br>
<br>
I posted this question to the KVM list, but I thought I'd try here<br>
too--sorry if this is the wrong place to post this, can you please<br>
direct me to the correct forum or list if so, thanks!<br>
<br>
I'm working on a network security project, using KVM installed on<br>
CentOS 6.7 through yum. I have a VM with the goal of using this as a<br>
network appliance, and two other VMs, one simulating an attack node<br>
and the other simulating a vulnerable webapp. These are all connected<br>
to the same internal private network set up in KVM. The idea with the<br>
network appliance VM is to have it act as if it's connected to a<br>
network tap so it can see the traffic between the other two VMs. I'm<br>
not able to see the traffic currently and would appreciate your help<br>
or suggestions to see if this is possible and how I can set this up if<br></blockquote><div><br></div><div>From the KVM host you should be able to point tcpdump at the vnetX interfaces and sniff.<br></div><div style="">I've had to do this on occasion (with a bridged network setup) when a web hosting VM was being brute forced.</div><div> </div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex">
so. I came across some information online suggesting to have the<br>
interfaces in promiscuous mode, including the virtual NIC for the<br>
private network, and I've tried all combinations. Thanks for any help<br>
you can offer!<span class=""><font color="#888888"><br>
</font></span></blockquote></div><div class="gmail_extra"><br></div>Start by determining what interface your VM is attached to.<br><br>We have no idea the network layout of your KVM set up for VMs either.</div><div class="gmail_extra">Look at the XML for your VM to determine which interface it's tied to.<br clear="all"><div><br></div>-- <br><div class="gmail_signature">---~~.~~---<br>Mike<br>// SilverTip257 //</div>
</div></div>