Re: [Tcpreplay-users] Tcpreplay on VMware Workstation over Host Only

bust3r byt3s Fri, 30 Sep 2016 13:45:06 -0700

Thanks Fred.

On Fri, Sep 30, 2016 at 2:05 PM, Fredrick Klassen <fklas...@appneta.com>
wrote:


> Shane,
>
> Don't know much about VMware Workstation, but I assume the same rules
> apply. Generally, sending promiscuous data and VLAN tags guest is
> considered a security threat. OVS is the solution I generally use for KVM.
>
> Fred.
>
>
> On Sep 30, 2016, at 10:51 AM, bust3r byt3s <bus...@busterbytes.com> wrote:
>
> HI Frank,
>
> Thanks for the response. Perhaps I misunderstand your assumption, but no,
> I'm not using KVM. I have two VMs running on VMware Workstation 12. The
> machine hosting VMware is a Windows 10 machine.
> I'm attempting to replay traffic from one to the other over the host-only
> interface.
>
> Shane
>
>
> On Fri, Sep 30, 2016 at 12:43 PM, Fredrick Klassen <fklas...@appneta.com>
> wrote:
>
>> I assume you are using KVM.
>>
>> You cannot receive promiscuously from a KVM guest unless you use
>> something like OpenVswitch, VALE/netmap, PF_RING. You cannot even get VLAN
>> tags. Only broadcast traffic and direct traffic to the guest's IP address
>> is allowed. This includes using bridging and other technologies, e.g.
>> SR-IOV.
>>
>> Fred.
>>
>> On Sep 28, 2016, at 5:15 PM, bust3r byt3s <bus...@busterbytes.com> wrote:
>>
>> Hello:
>>
>>
>> I am attempting to replay a pcap from within a VM over the local host
>> connection to another VM on the same.
>>
>> I have no trouble communicating between the two VMs, HTTP traffic, ICMP,
>> SSH, TCP in general all gets through just fine.
>>
>> The pcap I'm replaying is actually a replay of traffic captured between
>> the two VMs
>>
>>
>> Details:
>>
>> Host machine running Windows 10
>> VMs created and running on VMware Workstation 12
>>
>> VM1: Kali Linux 2016.1
>>
>> Network interface configured for Host-only
>>
>> VM2: Proprietary Linux based version
>>
>> Network interface configured for Host-only
>>
>>
>> tcpreplay version: 3.4.4 (build 2450) (debug)
>>
>> Copyright 2000-2010 by Aaron Turner <aturner at synfin dot net>
>>
>> Cache file supported: 04
>>
>> Not compiled with libdnet.
>>
>> Compiled against libpcap: 1.7.4
>>
>> 64 bit packet counters: enabled
>>
>> Verbose printing via tcpdump: enabled
>>
>> Packet editing: disabled
>>
>> Fragroute engine: disabled
>>
>> Injection method: PF_PACKET send()
>>
>>
>>
>> When I attempt the following:
>> tcpreplay -v -d 5 --intf1=eth0 <pcapfile.pcap>
>>
>>
>> There is no traffic visible in wireshark and the following is printed to
>> the terminal:
>>
>>
>>  DEBUG1 in sendpacket.c:sendpacket_open_pf() line 617: sendpacket: using
>> PF_PACKET
>>
>> DEBUG5 in utils.c:_our_safe_malloc() line 66: Malloc'd 1152 bytes in
>> sendpacket.c:sendpacket_open_pf() line 690
>>
>> sending out eth0
>>
>> processing file: fixed_checksums2.pcap
>>
>> DEBUG5 in tcpdump.c:tcpdump_open() line 173: Opening tcpdump debug file:
>> tcpdump.debug
>>
>> DEBUG2 in tcpdump.c:tcpdump_open() line 183: Prepping tcpdump options...
>>
>> DEBUG2 in tcpdump.c:tcpdump_fill_in_options() line 328: [child] Will
>> execute: tcpdump  -n -l -r -
>>
>> DEBUG5 in utils.c:_our_safe_malloc() line 66: Malloc'd 3 bytes in
>> tcpdump.c:tcpdump_fill_in_options() line 336
>>
>> DEBUG5 in utils.c:_our_safe_malloc() line 66: Malloc'd 3 bytes in
>> tcpdump.c:tcpdump_fill_in_options() line 350
>>
>> DEBUG5 in utils.c:_our_safe_malloc() line 66: Malloc'd 3 bytes in
>> tcpdump.c:tcpdump_fill_in_options() line 350
>>
>> DEBUG2 in tcpdump.c:tcpdump_open() line 186: Starting tcpdump...
>>
>> DEBUG2 in tcpdump.c:tcpdump_open() line 200: tcpdump pid: 29932
>>
>> DEBUG2 in tcpdump.c:tcpdump_open() line 204: [parent] closing input fd 7
>>
>> DEBUG2 in tcpdump.c:tcpdump_open() line 206: [parent] closing output fd 9
>>
>> DEBUG2 in tcpdump.c:tcpdump_open() line 200: tcpdump pid: 0
>>
>> DEBUG2 in tcpdump.c:tcpdump_open() line 227: [child] started the kid
>>
>> DEBUG2 in tcpdump.c:tcpdump_open() line 230: [child] closing in fd 6
>>
>> DEBUG2 in tcpdump.c:tcpdump_open() line 231: [child] closing out fd 8
>>
>> DEBUG2 in tcpdump.c:tcpdump_open() line 250: [child] Exec'ing tcpdump...
>>
>> reading from file -, link-type EN10MB (Ethernet)
>>
>> DEBUG2 in send_packets.c:send_packets() line 138: packet 1 caplen 74
>>
>>
>> Fatal Error in tcpdump.c:tcpdump_print() line 135:
>>
>> poll() timeout... tcpdump seems to be having a problem keeping up
>>
>> Try increasing TCPDUMP_POLL_TIMEOUT
>>
>> tcpdump: pcap_loop: truncated dump file; tried to read 77746 captured
>> bytes, only got 82
>>
>>
>> I have tried bridging the connection to a dummy interface as suggested
>> here:
>> http://unix.stackexchange.com/questions/152331/how-can-i-cre
>> ate-a-virtual-ethernet-interface-on-a-machine-without-a-physical-ad
>>
>>
>> But no luck.
>>
>>
>> Can anyone help?
>>
>>
>>
>> ------------------------------------------------------------
>> ------------------
>> _______________________________________________
>> Tcpreplay-users mailing list
>> Tcpreplay-users@lists.sourceforge.net
>> https://lists.sourceforge.net/lists/listinfo/tcpreplay-users
>> Support Information: http://tcpreplay.synfin.net/trac/wiki/Support
>>
>>
>>
>> ------------------------------------------------------------
>> ------------------
>> Check out the vibrant tech community on one of the world's most
>> engaging tech sites, SlashDot.org! http://sdm.link/slashdot
>> _______________________________________________
>> Tcpreplay-users mailing list
>> Tcpreplay-users@lists.sourceforge.net
>> https://lists.sourceforge.net/lists/listinfo/tcpreplay-users
>> Support Information: http://tcpreplay.synfin.net/trac/wiki/Support
>>
>
> ------------------------------------------------------------
> ------------------
> Check out the vibrant tech community on one of the world's most
> engaging tech sites, SlashDot.org! http://sdm.link/slashdot______
> _________________________________________
> Tcpreplay-users mailing list
> Tcpreplay-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/tcpreplay-users
> Support Information: http://tcpreplay.synfin.net/trac/wiki/Support
>
>
>
> ------------------------------------------------------------
> ------------------
> Check out the vibrant tech community on one of the world's most
> engaging tech sites, SlashDot.org! http://sdm.link/slashdot
> _______________________________________________
> Tcpreplay-users mailing list
> Tcpreplay-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/tcpreplay-users
> Support Information: http://tcpreplay.synfin.net/trac/wiki/Support
>

------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most 
engaging tech sites, SlashDot.org! http://sdm.link/slashdot

_______________________________________________
Tcpreplay-users mailing list
Tcpreplay-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/tcpreplay-users
Support Information: http://tcpreplay.synfin.net/trac/wiki/Support

Re: [Tcpreplay-users] Tcpreplay on VMware Workstation over Host Only

Reply via email to