Shane,

Don't know much about VMware Workstation, but I assume the same rules apply. 
Generally, sending promiscuous data and VLAN tags guest is considered a 
security threat. OVS is the solution I generally use for KVM.

Fred.
 
> On Sep 30, 2016, at 10:51 AM, bust3r byt3s <bus...@busterbytes.com> wrote:
> 
> HI Frank, 
> 
> Thanks for the response. Perhaps I misunderstand your assumption, but no, I'm 
> not using KVM. I have two VMs running on VMware Workstation 12. The machine 
> hosting VMware is a Windows 10 machine.
> I'm attempting to replay traffic from one to the other over the host-only 
> interface.
> 
> Shane
> 
> 
> On Fri, Sep 30, 2016 at 12:43 PM, Fredrick Klassen <fklas...@appneta.com 
> <mailto:fklas...@appneta.com>> wrote:
> I assume you are using KVM.
> 
> You cannot receive promiscuously from a KVM guest unless you use something 
> like OpenVswitch, VALE/netmap, PF_RING. You cannot even get VLAN tags. Only 
> broadcast traffic and direct traffic to the guest's IP address is allowed. 
> This includes using bridging and other technologies, e.g. SR-IOV.
> 
> Fred.
> 
>> On Sep 28, 2016, at 5:15 PM, bust3r byt3s <bus...@busterbytes.com 
>> <mailto:bus...@busterbytes.com>> wrote:
>> 
>> Hello:
>> 
>>  
>> I am attempting to replay a pcap from within a VM over the local host 
>> connection to another VM on the same.
>> 
>> I have no trouble communicating between the two VMs, HTTP traffic, ICMP, 
>> SSH, TCP in general all gets through just fine.
>> 
>> The pcap I'm replaying is actually a replay of traffic captured between the 
>> two VMs
>> 
>>  
>> Details:
>> 
>> Host machine running Windows 10
>> VMs created and running on VMware Workstation 12
>> 
>> VM1: Kali Linux 2016.1
>> 
>> Network interface configured for Host-only
>> 
>> VM2: Proprietary Linux based version
>> 
>> Network interface configured for Host-only
>> 
>>  
>> tcpreplay version: 3.4.4 (build 2450) (debug)
>> 
>> Copyright 2000-2010 by Aaron Turner <aturner at synfin dot net>
>> 
>> Cache file supported: 04
>> 
>> Not compiled with libdnet.
>> 
>> Compiled against libpcap: 1.7.4
>> 
>> 64 bit packet counters: enabled
>> 
>> Verbose printing via tcpdump: enabled
>> 
>> Packet editing: disabled
>> 
>> Fragroute engine: disabled
>> 
>> Injection method: PF_PACKET send()
>> 
>>  
>>  
>> When I attempt the following: 
>> tcpreplay -v -d 5 --intf1=eth0 <pcapfile.pcap>
>> 
>>  
>> There is no traffic visible in wireshark and the following is printed to the 
>> terminal:
>> 
>>  
>>  DEBUG1 in sendpacket.c:sendpacket_open_pf() line 617: sendpacket: using 
>> PF_PACKET
>> 
>> DEBUG5 in utils.c:_our_safe_malloc() line 66: Malloc'd 1152 bytes in 
>> sendpacket.c:sendpacket_open_pf() line 690
>> 
>> sending out eth0
>> 
>> processing file: fixed_checksums2.pcap
>> 
>> DEBUG5 in tcpdump.c:tcpdump_open() line 173: Opening tcpdump debug file: 
>> tcpdump.debug
>> 
>> DEBUG2 in tcpdump.c:tcpdump_open() line 183: Prepping tcpdump options...
>> 
>> DEBUG2 in tcpdump.c:tcpdump_fill_in_options() line 328: [child] Will 
>> execute: tcpdump  -n -l -r -
>> 
>> DEBUG5 in utils.c:_our_safe_malloc() line 66: Malloc'd 3 bytes in 
>> tcpdump.c:tcpdump_fill_in_options() line 336
>> 
>> DEBUG5 in utils.c:_our_safe_malloc() line 66: Malloc'd 3 bytes in 
>> tcpdump.c:tcpdump_fill_in_options() line 350
>> 
>> DEBUG5 in utils.c:_our_safe_malloc() line 66: Malloc'd 3 bytes in 
>> tcpdump.c:tcpdump_fill_in_options() line 350
>> 
>> DEBUG2 in tcpdump.c:tcpdump_open() line 186: Starting tcpdump...
>> 
>> DEBUG2 in tcpdump.c:tcpdump_open() line 200: tcpdump pid: 29932
>> 
>> DEBUG2 in tcpdump.c:tcpdump_open() line 204: [parent] closing input fd 7
>> 
>> DEBUG2 in tcpdump.c:tcpdump_open() line 206: [parent] closing output fd 9
>> 
>> DEBUG2 in tcpdump.c:tcpdump_open() line 200: tcpdump pid: 0
>> 
>> DEBUG2 in tcpdump.c:tcpdump_open() line 227: [child] started the kid
>> 
>> DEBUG2 in tcpdump.c:tcpdump_open() line 230: [child] closing in fd 6
>> 
>> DEBUG2 in tcpdump.c:tcpdump_open() line 231: [child] closing out fd 8
>> 
>> DEBUG2 in tcpdump.c:tcpdump_open() line 250: [child] Exec'ing tcpdump...
>> 
>> reading from file -, link-type EN10MB (Ethernet)
>> 
>> DEBUG2 in send_packets.c:send_packets() line 138: packet 1 caplen 74
>> 
>>  
>> Fatal Error in tcpdump.c:tcpdump_print() line 135:
>> 
>> poll() timeout... tcpdump seems to be having a problem keeping up
>> 
>> Try increasing TCPDUMP_POLL_TIMEOUT
>> 
>> tcpdump: pcap_loop: truncated dump file; tried to read 77746 captured bytes, 
>> only got 82
>> 
>>  
>> I have tried bridging the connection to a dummy interface as suggested here:
>> http://unix.stackexchange.com/questions/152331/how-can-i-create-a-virtual-ethernet-interface-on-a-machine-without-a-physical-ad
>>  
>> <http://unix.stackexchange.com/questions/152331/how-can-i-create-a-virtual-ethernet-interface-on-a-machine-without-a-physical-ad>
>>  
>> But no luck.
>> 
>>  
>> Can anyone help?
>> 
>>  
>>  
>> 
>> ------------------------------------------------------------------------------
>> _______________________________________________
>> Tcpreplay-users mailing list
>> Tcpreplay-users@lists.sourceforge.net 
>> <mailto:Tcpreplay-users@lists.sourceforge.net>
>> https://lists.sourceforge.net/lists/listinfo/tcpreplay-users 
>> <https://lists.sourceforge.net/lists/listinfo/tcpreplay-users>
>> Support Information: http://tcpreplay.synfin.net/trac/wiki/Support 
>> <http://tcpreplay.synfin.net/trac/wiki/Support>
> 
> ------------------------------------------------------------------------------
> Check out the vibrant tech community on one of the world's most
> engaging tech sites, SlashDot.org! http://sdm.link/slashdot 
> <http://sdm.link/slashdot>
> _______________________________________________
> Tcpreplay-users mailing list
> Tcpreplay-users@lists.sourceforge.net 
> <mailto:Tcpreplay-users@lists.sourceforge.net>
> https://lists.sourceforge.net/lists/listinfo/tcpreplay-users 
> <https://lists.sourceforge.net/lists/listinfo/tcpreplay-users>
> Support Information: http://tcpreplay.synfin.net/trac/wiki/Support 
> <http://tcpreplay.synfin.net/trac/wiki/Support>
> 
> ------------------------------------------------------------------------------
> Check out the vibrant tech community on one of the world's most 
> engaging tech sites, SlashDot.org! 
> http://sdm.link/slashdot_______________________________________________
> Tcpreplay-users mailing list
> Tcpreplay-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/tcpreplay-users
> Support Information: http://tcpreplay.synfin.net/trac/wiki/Support

------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most 
engaging tech sites, SlashDot.org! http://sdm.link/slashdot
_______________________________________________
Tcpreplay-users mailing list
Tcpreplay-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/tcpreplay-users
Support Information: http://tcpreplay.synfin.net/trac/wiki/Support

Reply via email to