Shane,
Don't know much about VMware Workstation, but I assume the same rules apply.
Generally, sending promiscuous data and VLAN tags guest is considered a
security threat. OVS is the solution I generally use for KVM.
Fred.
> On Sep 30, 2016, at 10:51 AM, bust3r byt3s <bus...@busterbytes.com> wrote:
>
> HI Frank,
>
> Thanks for the response. Perhaps I misunderstand your assumption, but no, I'm
> not using KVM. I have two VMs running on VMware Workstation 12. The machine
> hosting VMware is a Windows 10 machine.
> I'm attempting to replay traffic from one to the other over the host-only
> interface.
>
> Shane
>
>
> On Fri, Sep 30, 2016 at 12:43 PM, Fredrick Klassen <fklas...@appneta.com
> <mailto:fklas...@appneta.com>> wrote:
> I assume you are using KVM.
>
> You cannot receive promiscuously from a KVM guest unless you use something
> like OpenVswitch, VALE/netmap, PF_RING. You cannot even get VLAN tags. Only
> broadcast traffic and direct traffic to the guest's IP address is allowed.
> This includes using bridging and other technologies, e.g. SR-IOV.
>
> Fred.
>
>> On Sep 28, 2016, at 5:15 PM, bust3r byt3s <bus...@busterbytes.com
>> <mailto:bus...@busterbytes.com>> wrote:
>>
>> Hello:
>>
>>
>> I am attempting to replay a pcap from within a VM over the local host
>> connection to another VM on the same.
>>
>> I have no trouble communicating between the two VMs, HTTP traffic, ICMP,
>> SSH, TCP in general all gets through just fine.
>>
>> The pcap I'm replaying is actually a replay of traffic captured between the
>> two VMs
>>
>>
>> Details:
>>
>> Host machine running Windows 10
>> VMs created and running on VMware Workstation 12
>>
>> VM1: Kali Linux 2016.1
>>
>> Network interface configured for Host-only
>>
>> VM2: Proprietary Linux based version
>>
>> Network interface configured for Host-only
>>
>>
>> tcpreplay version: 3.4.4 (build 2450) (debug)
>>
>> Copyright 2000-2010 by Aaron Turner <aturner at synfin dot net>
>>
>> Cache file supported: 04
>>
>> Not compiled with libdnet.
>>
>> Compiled against libpcap: 1.7.4
>>
>> 64 bit packet counters: enabled
>>
>> Verbose printing via tcpdump: enabled
>>
>> Packet editing: disabled
>>
>> Fragroute engine: disabled
>>
>> Injection method: PF_PACKET send()
>>
>>
>>
>> When I attempt the following:
>> tcpreplay -v -d 5 --intf1=eth0 <pcapfile.pcap>
>>
>>
>> There is no traffic visible in wireshark and the following is printed to the
>> terminal:
>>
>>
>> DEBUG1 in sendpacket.c:sendpacket_open_pf() line 617: sendpacket: using
>> PF_PACKET
>>
>> DEBUG5 in utils.c:_our_safe_malloc() line 66: Malloc'd 1152 bytes in
>> sendpacket.c:sendpacket_open_pf() line 690
>>
>> sending out eth0
>>
>> processing file: fixed_checksums2.pcap
>>
>> DEBUG5 in tcpdump.c:tcpdump_open() line 173: Opening tcpdump debug file:
>> tcpdump.debug
>>
>> DEBUG2 in tcpdump.c:tcpdump_open() line 183: Prepping tcpdump options...
>>
>> DEBUG2 in tcpdump.c:tcpdump_fill_in_options() line 328: [child] Will
>> execute: tcpdump -n -l -r -
>>
>> DEBUG5 in utils.c:_our_safe_malloc() line 66: Malloc'd 3 bytes in
>> tcpdump.c:tcpdump_fill_in_options() line 336
>>
>> DEBUG5 in utils.c:_our_safe_malloc() line 66: Malloc'd 3 bytes in
>> tcpdump.c:tcpdump_fill_in_options() line 350
>>
>> DEBUG5 in utils.c:_our_safe_malloc() line 66: Malloc'd 3 bytes in
>> tcpdump.c:tcpdump_fill_in_options() line 350
>>
>> DEBUG2 in tcpdump.c:tcpdump_open() line 186: Starting tcpdump...
>>
>> DEBUG2 in tcpdump.c:tcpdump_open() line 200: tcpdump pid: 29932
>>
>> DEBUG2 in tcpdump.c:tcpdump_open() line 204: [parent] closing input fd 7
>>
>> DEBUG2 in tcpdump.c:tcpdump_open() line 206: [parent] closing output fd 9
>>
>> DEBUG2 in tcpdump.c:tcpdump_open() line 200: tcpdump pid: 0
>>
>> DEBUG2 in tcpdump.c:tcpdump_open() line 227: [child] started the kid
>>
>> DEBUG2 in tcpdump.c:tcpdump_open() line 230: [child] closing in fd 6
>>
>> DEBUG2 in tcpdump.c:tcpdump_open() line 231: [child] closing out fd 8
>>
>> DEBUG2 in tcpdump.c:tcpdump_open() line 250: [child] Exec'ing tcpdump...
>>
>> reading from file -, link-type EN10MB (Ethernet)
>>
>> DEBUG2 in send_packets.c:send_packets() line 138: packet 1 caplen 74
>>
>>
>> Fatal Error in tcpdump.c:tcpdump_print() line 135:
>>
>> poll() timeout... tcpdump seems to be having a problem keeping up
>>
>> Try increasing TCPDUMP_POLL_TIMEOUT
>>
>> tcpdump: pcap_loop: truncated dump file; tried to read 77746 captured bytes,
>> only got 82
>>
>>
>> I have tried bridging the connection to a dummy interface as suggested here:
>> http://unix.stackexchange.com/questions/152331/how-can-i-create-a-virtual-ethernet-interface-on-a-machine-without-a-physical-ad
>>
>> <http://unix.stackexchange.com/questions/152331/how-can-i-create-a-virtual-ethernet-interface-on-a-machine-without-a-physical-ad>
>>
>> But no luck.
>>
>>
>> Can anyone help?
>>
>>
>>
>>
>> ------------------------------------------------------------------------------
>> _______________________________________________
>> Tcpreplay-users mailing list
>> Tcpreplay-users@lists.sourceforge.net
>> <mailto:Tcpreplay-users@lists.sourceforge.net>
>> https://lists.sourceforge.net/lists/listinfo/tcpreplay-users
>> <https://lists.sourceforge.net/lists/listinfo/tcpreplay-users>
>> Support Information: http://tcpreplay.synfin.net/trac/wiki/Support
>> <http://tcpreplay.synfin.net/trac/wiki/Support>
>
> ------------------------------------------------------------------------------
> Check out the vibrant tech community on one of the world's most
> engaging tech sites, SlashDot.org! http://sdm.link/slashdot
> <http://sdm.link/slashdot>
> _______________________________________________
> Tcpreplay-users mailing list
> Tcpreplay-users@lists.sourceforge.net
> <mailto:Tcpreplay-users@lists.sourceforge.net>
> https://lists.sourceforge.net/lists/listinfo/tcpreplay-users
> <https://lists.sourceforge.net/lists/listinfo/tcpreplay-users>
> Support Information: http://tcpreplay.synfin.net/trac/wiki/Support
> <http://tcpreplay.synfin.net/trac/wiki/Support>
>
> ------------------------------------------------------------------------------
> Check out the vibrant tech community on one of the world's most
> engaging tech sites, SlashDot.org!
> http://sdm.link/slashdot_______________________________________________
> Tcpreplay-users mailing list
> Tcpreplay-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/tcpreplay-users
> Support Information: http://tcpreplay.synfin.net/trac/wiki/Support
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, SlashDot.org! http://sdm.link/slashdot
_______________________________________________
Tcpreplay-users mailing list
Tcpreplay-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/tcpreplay-users
Support Information: http://tcpreplay.synfin.net/trac/wiki/Support
