Re: [Tcpreplay-users] Tcpreplay on VMware Workstation over Host Only

Fredrick Klassen Fri, 30 Sep 2016 10:45:12 -0700

I assume you are using KVM.

You cannot receive promiscuously from a KVM guest unless you use something like 
OpenVswitch, VALE/netmap, PF_RING. You cannot even get VLAN tags. Only 
broadcast traffic and direct traffic to the guest's IP address is allowed. This 
includes using bridging and other technologies, e.g. SR-IOV.


Fred.

> On Sep 28, 2016, at 5:15 PM, bust3r byt3s <bus...@busterbytes.com> wrote:
> 
> Hello:
> 
>  
> I am attempting to replay a pcap from within a VM over the local host 
> connection to another VM on the same.
> 
> I have no trouble communicating between the two VMs, HTTP traffic, ICMP, SSH, 
> TCP in general all gets through just fine.
> 
> The pcap I'm replaying is actually a replay of traffic captured between the 
> two VMs
> 
>  
> Details:
> 
> Host machine running Windows 10
> VMs created and running on VMware Workstation 12
> 
> VM1: Kali Linux 2016.1
> 
> Network interface configured for Host-only
> 
> VM2: Proprietary Linux based version
> 
> Network interface configured for Host-only
> 
>  
> tcpreplay version: 3.4.4 (build 2450) (debug)
> 
> Copyright 2000-2010 by Aaron Turner <aturner at synfin dot net>
> 
> Cache file supported: 04
> 
> Not compiled with libdnet.
> 
> Compiled against libpcap: 1.7.4
> 
> 64 bit packet counters: enabled
> 
> Verbose printing via tcpdump: enabled
> 
> Packet editing: disabled
> 
> Fragroute engine: disabled
> 
> Injection method: PF_PACKET send()
> 
>  
>  
> When I attempt the following: 
> tcpreplay -v -d 5 --intf1=eth0 <pcapfile.pcap>
> 
>  
> There is no traffic visible in wireshark and the following is printed to the 
> terminal:
> 
>  
>  DEBUG1 in sendpacket.c:sendpacket_open_pf() line 617: sendpacket: using 
> PF_PACKET
> 
> DEBUG5 in utils.c:_our_safe_malloc() line 66: Malloc'd 1152 bytes in 
> sendpacket.c:sendpacket_open_pf() line 690
> 
> sending out eth0
> 
> processing file: fixed_checksums2.pcap
> 
> DEBUG5 in tcpdump.c:tcpdump_open() line 173: Opening tcpdump debug file: 
> tcpdump.debug
> 
> DEBUG2 in tcpdump.c:tcpdump_open() line 183: Prepping tcpdump options...
> 
> DEBUG2 in tcpdump.c:tcpdump_fill_in_options() line 328: [child] Will execute: 
> tcpdump  -n -l -r -
> 
> DEBUG5 in utils.c:_our_safe_malloc() line 66: Malloc'd 3 bytes in 
> tcpdump.c:tcpdump_fill_in_options() line 336
> 
> DEBUG5 in utils.c:_our_safe_malloc() line 66: Malloc'd 3 bytes in 
> tcpdump.c:tcpdump_fill_in_options() line 350
> 
> DEBUG5 in utils.c:_our_safe_malloc() line 66: Malloc'd 3 bytes in 
> tcpdump.c:tcpdump_fill_in_options() line 350
> 
> DEBUG2 in tcpdump.c:tcpdump_open() line 186: Starting tcpdump...
> 
> DEBUG2 in tcpdump.c:tcpdump_open() line 200: tcpdump pid: 29932
> 
> DEBUG2 in tcpdump.c:tcpdump_open() line 204: [parent] closing input fd 7
> 
> DEBUG2 in tcpdump.c:tcpdump_open() line 206: [parent] closing output fd 9
> 
> DEBUG2 in tcpdump.c:tcpdump_open() line 200: tcpdump pid: 0
> 
> DEBUG2 in tcpdump.c:tcpdump_open() line 227: [child] started the kid
> 
> DEBUG2 in tcpdump.c:tcpdump_open() line 230: [child] closing in fd 6
> 
> DEBUG2 in tcpdump.c:tcpdump_open() line 231: [child] closing out fd 8
> 
> DEBUG2 in tcpdump.c:tcpdump_open() line 250: [child] Exec'ing tcpdump...
> 
> reading from file -, link-type EN10MB (Ethernet)
> 
> DEBUG2 in send_packets.c:send_packets() line 138: packet 1 caplen 74
> 
>  
> Fatal Error in tcpdump.c:tcpdump_print() line 135:
> 
> poll() timeout... tcpdump seems to be having a problem keeping up
> 
> Try increasing TCPDUMP_POLL_TIMEOUT
> 
> tcpdump: pcap_loop: truncated dump file; tried to read 77746 captured bytes, 
> only got 82
> 
>  
> I have tried bridging the connection to a dummy interface as suggested here:
> http://unix.stackexchange.com/questions/152331/how-can-i-create-a-virtual-ethernet-interface-on-a-machine-without-a-physical-ad
>  
> <http://unix.stackexchange.com/questions/152331/how-can-i-create-a-virtual-ethernet-interface-on-a-machine-without-a-physical-ad>
>  
> But no luck.
> 
>  
> Can anyone help?
> 
>  
>  
> 
> ------------------------------------------------------------------------------
> _______________________________________________
> Tcpreplay-users mailing list
> Tcpreplay-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/tcpreplay-users
> Support Information: http://tcpreplay.synfin.net/trac/wiki/Support

------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most 
engaging tech sites, SlashDot.org! http://sdm.link/slashdot

_______________________________________________
Tcpreplay-users mailing list
Tcpreplay-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/tcpreplay-users
Support Information: http://tcpreplay.synfin.net/trac/wiki/Support

Re: [Tcpreplay-users] Tcpreplay on VMware Workstation over Host Only

Reply via email to