[CentOS-virt] KVM networking issue

Tue Mar 22 16:41:29 UTC 2016
Mike - st257 <silvertip257 at gmail.com>

On Mon, Mar 21, 2016 at 1:33 PM, Kevin Ross <sedecim at gmail.com> wrote:

> Hi folks,
> I posted this question to the KVM list, but I thought I'd try here
> too--sorry if this is the wrong place to post this, can you please
> direct me to the correct forum or list if so, thanks!
> I'm working on a network security project, using KVM installed on
> CentOS 6.7 through yum. I have a VM with the goal of using this as a
> network appliance, and two other VMs, one simulating an attack node
> and the other simulating a vulnerable webapp. These are all connected
> to the same internal private network set up in KVM. The idea with the
> network appliance VM is to have it act as if it's connected to a
> network tap so it can see the traffic between the other two VMs. I'm
> not able to see the traffic currently and would appreciate your help
> or suggestions to see if this is possible and how I can set this up if

From the KVM host you should be able to point tcpdump at the vnetX
interfaces and sniff.
I've had to do this on occasion (with a bridged network setup) when a web
hosting VM was being brute forced.

> so. I came across some information online suggesting to have the
> interfaces in promiscuous mode, including the virtual NIC for the
> private network, and I've tried all combinations. Thanks for any help
> you can offer!

Start by determining what interface your VM is attached to.

We have no idea of the network layout of your KVM setup for VMs either.
Look at the XML for your VM to determine which interface it's tied to.

//  SilverTip257  //
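
The lookup suggested in the reply above, as an added example that is not part of the original message: it reads libvirt domain XML (as printed by `virsh dumpxml`), lists each guest interface with its host-side tap device, and builds the matching `tcpdump` command for the KVM host. The sample XML, guest name, MAC addresses and vnet numbers are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample of `virsh dumpxml <domain>` output for a running guest
# (name, MACs, bridges and vnet numbers are made up for this example).
SAMPLE_XML = """
<domain type='kvm' id='3'>
  <name>webapp</name>
  <devices>
    <interface type='network'>
      <mac address='52:54:00:aa:bb:01'/>
      <source network='private' bridge='virbr1'/>
      <target dev='vnet2'/>
      <model type='virtio'/>
    </interface>
    <interface type='bridge'>
      <mac address='52:54:00:aa:bb:02'/>
      <source bridge='br0'/>
      <model type='virtio'/>
    </interface>
  </devices>
</domain>
"""

def guest_interfaces(domain_xml):
    """Return one dict per <interface> element in a libvirt domain XML document."""
    root = ET.fromstring(domain_xml)
    found = []
    for iface in root.findall("./devices/interface"):
        source = iface.find("source")
        target = iface.find("target")
        mac = iface.find("mac")
        found.append({
            "type": iface.get("type"),
            "network": source.get("network") if source is not None else None,
            "bridge": source.get("bridge") if source is not None else None,
            # <target dev=.../> is normally only present while the guest is running
            "tap": target.get("dev") if target is not None else None,
            "mac": mac.get("address") if mac is not None else None,
        })
    return found

def tcpdump_commands(domain_xml):
    """Build host-side tcpdump command lines for every interface that has a tap device."""
    return ["tcpdump -n -e -i %s" % i["tap"]
            for i in guest_interfaces(domain_xml) if i["tap"]]

if __name__ == "__main__":
    for i in guest_interfaces(SAMPLE_XML):
        print(i)
    print("\n".join(tcpdump_commands(SAMPLE_XML)))
```

An interface that comes back with no tap device means the XML was taken from a guest that is not running, so there is nothing on the host to sniff yet.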