From: bust3r b. <bu...@bu...> - 2016-09-30 17:52:00
|
HI Frank, Thanks for the response. Perhaps I misunderstand your assumption, but no, I'm not using KVM. I have two VMs running on VMware Workstation 12. The machine hosting VMware is a Windows 10 machine. I'm attempting to replay traffic from one to the other over the host-only interface. Shane On Fri, Sep 30, 2016 at 12:43 PM, Fredrick Klassen <fkl...@ap...> wrote: > I assume you are using KVM. > > You cannot receive promiscuously from a KVM guest unless you use something > like OpenVswitch, VALE/netmap, PF_RING. You cannot even get VLAN tags. Only > broadcast traffic and direct traffic to the guest's IP address is allowed. > This includes using bridging and other technologies, e.g. SR-IOV. > > Fred. > > On Sep 28, 2016, at 5:15 PM, bust3r byt3s <bu...@bu...> wrote: > > Hello: > > > I am attempting to replay a pcap from within a VM over the local host > connection to another VM on the same. > > I have no trouble communicating between the two VMs, HTTP traffic, ICMP, > SSH, TCP in general all gets through just fine. > > The pcap I'm replaying is actually a replay of traffic captured between > the two VMs > > > Details: > > Host machine running Windows 10 > VMs created and running on VMware Workstation 12 > > VM1: Kali Linux 2016.1 > > Network interface configured for Host-only > > VM2: Proprietary Linux based version > > Network interface configured for Host-only > > > tcpreplay version: 3.4.4 (build 2450) (debug) > > Copyright 2000-2010 by Aaron Turner <aturner at synfin dot net> > > Cache file supported: 04 > > Not compiled with libdnet. > > Compiled against libpcap: 1.7.4 > > 64 bit packet counters: enabled > > Verbose printing via tcpdump: enabled > > Packet editing: disabled > > Fragroute engine: disabled > > Injection method: PF_PACKET send() > > > > When I attempt the following: > tcpreplay -v -d 5 --intf1=eth0 <pcapfile.pcap> > > > There is no traffic visible in wireshark and the following is printed to > the terminal: > > > DEBUG1 in sendpacket.c:sendpacket_open_pf() line 617: sendpacket: using > PF_PACKET > > DEBUG5 in utils.c:_our_safe_malloc() line 66: Malloc'd 1152 bytes in > sendpacket.c:sendpacket_open_pf() line 690 > > sending out eth0 > > processing file: fixed_checksums2.pcap > > DEBUG5 in tcpdump.c:tcpdump_open() line 173: Opening tcpdump debug file: > tcpdump.debug > > DEBUG2 in tcpdump.c:tcpdump_open() line 183: Prepping tcpdump options... > > DEBUG2 in tcpdump.c:tcpdump_fill_in_options() line 328: [child] Will > execute: tcpdump -n -l -r - > > DEBUG5 in utils.c:_our_safe_malloc() line 66: Malloc'd 3 bytes in > tcpdump.c:tcpdump_fill_in_options() line 336 > > DEBUG5 in utils.c:_our_safe_malloc() line 66: Malloc'd 3 bytes in > tcpdump.c:tcpdump_fill_in_options() line 350 > > DEBUG5 in utils.c:_our_safe_malloc() line 66: Malloc'd 3 bytes in > tcpdump.c:tcpdump_fill_in_options() line 350 > > DEBUG2 in tcpdump.c:tcpdump_open() line 186: Starting tcpdump... > > DEBUG2 in tcpdump.c:tcpdump_open() line 200: tcpdump pid: 29932 > > DEBUG2 in tcpdump.c:tcpdump_open() line 204: [parent] closing input fd 7 > > DEBUG2 in tcpdump.c:tcpdump_open() line 206: [parent] closing output fd 9 > > DEBUG2 in tcpdump.c:tcpdump_open() line 200: tcpdump pid: 0 > > DEBUG2 in tcpdump.c:tcpdump_open() line 227: [child] started the kid > > DEBUG2 in tcpdump.c:tcpdump_open() line 230: [child] closing in fd 6 > > DEBUG2 in tcpdump.c:tcpdump_open() line 231: [child] closing out fd 8 > > DEBUG2 in tcpdump.c:tcpdump_open() line 250: [child] Exec'ing tcpdump... > > reading from file -, link-type EN10MB (Ethernet) > > DEBUG2 in send_packets.c:send_packets() line 138: packet 1 caplen 74 > > > Fatal Error in tcpdump.c:tcpdump_print() line 135: > > poll() timeout... tcpdump seems to be having a problem keeping up > > Try increasing TCPDUMP_POLL_TIMEOUT > > tcpdump: pcap_loop: truncated dump file; tried to read 77746 captured > bytes, only got 82 > > > I have tried bridging the connection to a dummy interface as suggested > here: > http://unix.stackexchange.com/questions/152331/how-can-i-cre > ate-a-virtual-ethernet-interface-on-a-machine-without-a-physical-ad > > > But no luck. > > > Can anyone help? > > > > ------------------------------------------------------------ > ------------------ > _______________________________________________ > Tcpreplay-users mailing list > Tcp...@li... > https://lists.sourceforge.net/lists/listinfo/tcpreplay-users > Support Information: http://tcpreplay.synfin.net/trac/wiki/Support > > > > ------------------------------------------------------------ > ------------------ > Check out the vibrant tech community on one of the world's most > engaging tech sites, SlashDot.org! http://sdm.link/slashdot > _______________________________________________ > Tcpreplay-users mailing list > Tcp...@li... > https://lists.sourceforge.net/lists/listinfo/tcpreplay-users > Support Information: http://tcpreplay.synfin.net/trac/wiki/Support > |