Tue Mar 22 17:57:33 UTC 2016
Kevin Ross <sedecim at gmail.com>

Hi Mike,

Thanks for the info. I'd rather run monitoring such as tcpdump from
the VM if possible and not the host as a simulation of a network
appliance and with the intent eventually of giving others access to
the VM and not the host. Here is the xml file for the private network:

OVERWRITTEN AND LOST. Changes to this xml configuration should be made using:
  virsh net-edit virbr1
or other application using the libvirt API.

  <forward mode='nat'/>
  <bridge name='virbr1' stp='on' delay='0' />
  <mac address='52:54:00:##:##:##'/>
  <ip address='' netmask=''>

There are two VMs connected to this interface, and the monitoring or
"appliance" VM is connected to both this and the external interface.

Please let me know if I can provide more info that will be relevant.



On Tue, Mar 22, 2016 at 9:41 AM, Mike - st257 <silvertip257 at gmail.com> wrote:
> On Mon, Mar 21, 2016 at 1:33 PM, Kevin Ross <sedecim at gmail.com> wrote:
>> Hi folks,
>> I posted this question to the KVM list, but I thought I'd try here
>> too--sorry if this is the wrong place to post this, can you please
>> direct me to the correct forum or list if so, thanks!
>> I'm working on a network security project, using KVM installed on
>> CentOS 6.7 through yum. I have a VM with the goal of using this as a
>> network appliance, and two other VMs, one simulating an attack node
>> and the other simulating a vulnerable webapp. These are all connected
>> to the same internal private network set up in KVM. The idea with the
>> network appliance VM is to have it act as if it's connected to a
>> network tap so it can see the traffic between the other two VMs. I'm
>> not able to see the traffic currently and would appreciate your help
>> or suggestions to see if this is possible and how I can set this up if
> From the KVM host you should be able to point tcpdump at the vnetX
> interfaces and sniff.
> I've had to do this on occasion (with a bridged network setup) when a web
> hosting VM was being brute forced.
>> so. I came across some information online suggesting to have the
>> interfaces in promiscuous mode, including the virtual NIC for the
>> private network, and I've tried all combinations. Thanks for any help
>> you can offer!
> Start by determining what interface your VM is attached to.
> We have no idea the network layout of your KVM set up for VMs either.
> Look at the XML for your VM to determine which interface it's tied to.
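
Mike's last suggestion (read each guest's XML to find the interface it is tied to) can be scripted. The following is an added example, not part of the original thread: it parses domain XML shaped like `virsh dumpxml` output and lists the host-side vnetX device of every guest NIC on the private network named in the message (virbr1). The guest names, MAC addresses, vnet numbers and the 'default' external network are constructed assumptions.

```python
import xml.etree.ElementTree as ET

# Constructed samples shaped like `virsh dumpxml <guest>` output. Guest names,
# MACs, vnet numbers and the 'default' external network are assumptions.
APPLIANCE_XML = """<domain type='kvm'><name>appliance</name><devices>
  <interface type='network'><mac address='52:54:00:00:00:01'/>
    <source network='default'/><target dev='vnet0'/></interface>
  <interface type='network'><mac address='52:54:00:00:00:02'/>
    <source network='virbr1'/><target dev='vnet1'/></interface>
</devices></domain>"""
ATTACKER_XML = """<domain type='kvm'><name>attacker</name><devices>
  <interface type='network'><mac address='52:54:00:00:00:03'/>
    <source network='virbr1'/><target dev='vnet2'/></interface>
</devices></domain>"""
# A shut-off guest: auto-assigned vnetX names appear only in the live XML.
WEBAPP_XML = """<domain type='kvm'><name>webapp</name><devices>
  <interface type='network'><mac address='52:54:00:00:00:04'/>
    <source network='virbr1'/></interface>
</devices></domain>"""


def domain_interfaces(domain_xml):
    """Return one dict per <interface> in a libvirt domain XML document."""
    root = ET.fromstring(domain_xml)
    rows = []
    for iface in root.findall("./devices/interface"):
        kind = iface.get("type")  # 'network' or 'bridge' in these samples
        src, tgt, mac = (iface.find(t) for t in ("source", "target", "mac"))
        rows.append({
            "domain": root.findtext("name"),
            # type='network' uses <source network=...>, type='bridge' uses <source bridge=...>
            "attached": src.get(kind) if src is not None else None,
            "host_dev": tgt.get("dev") if tgt is not None else None,
            "mac": mac.get("address") if mac is not None else None,
        })
    return rows


def taps_on(network, *domain_xmls):
    """(guest, host-side vnetX) pairs for every NIC attached to `network`."""
    return [(r["domain"], r["host_dev"])
            for xml in domain_xmls
            for r in domain_interfaces(xml)
            if r["attached"] == network]


if __name__ == "__main__":
    for guest, dev in taps_on("virbr1", APPLIANCE_XML, ATTACKER_XML, WEBAPP_XML):
        print(guest, dev or "not running, no host device yet")
```

The device names it reports are the ones to give tcpdump on the KVM host, as described in the quoted reply.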
