If you are trying to replay traffic from VM1 to VM2 over the "host only interface" well, that's your problem. There is no routing/forwarding of packets by VMWare between VM's over the host only interface. -- Aaron Turner https://synfin.net/ Twitter: @synfinatic Those who would give up essential Liberty, to purchase a little temporary Safety, deserve neither Liberty nor Safety. -- Benjamin Franklin
On Fri, Sep 30, 2016 at 10:51 AM, bust3r byt3s <bus...@busterbytes.com> wrote: > HI Frank, > > Thanks for the response. Perhaps I misunderstand your assumption, but no, > I'm not using KVM. I have two VMs running on VMware Workstation 12. The > machine hosting VMware is a Windows 10 machine. > I'm attempting to replay traffic from one to the other over the host-only > interface. > > Shane > > > On Fri, Sep 30, 2016 at 12:43 PM, Fredrick Klassen <fklas...@appneta.com> > wrote: >> >> I assume you are using KVM. >> >> You cannot receive promiscuously from a KVM guest unless you use something >> like OpenVswitch, VALE/netmap, PF_RING. You cannot even get VLAN tags. Only >> broadcast traffic and direct traffic to the guest's IP address is allowed. >> This includes using bridging and other technologies, e.g. SR-IOV. >> >> Fred. >> >> On Sep 28, 2016, at 5:15 PM, bust3r byt3s <bus...@busterbytes.com> wrote: >> >> Hello: >> >> >> >> I am attempting to replay a pcap from within a VM over the local host >> connection to another VM on the same. >> >> I have no trouble communicating between the two VMs, HTTP traffic, ICMP, >> SSH, TCP in general all gets through just fine. >> >> The pcap I'm replaying is actually a replay of traffic captured between >> the two VMs >> >> >> >> Details: >> >> Host machine running Windows 10 >> VMs created and running on VMware Workstation 12 >> >> VM1: Kali Linux 2016.1 >> >> Network interface configured for Host-only >> >> VM2: Proprietary Linux based version >> >> Network interface configured for Host-only >> >> >> >> tcpreplay version: 3.4.4 (build 2450) (debug) >> >> Copyright 2000-2010 by Aaron Turner <aturner at synfin dot net> >> >> Cache file supported: 04 >> >> Not compiled with libdnet. >> >> Compiled against libpcap: 1.7.4 >> >> 64 bit packet counters: enabled >> >> Verbose printing via tcpdump: enabled >> >> Packet editing: disabled >> >> Fragroute engine: disabled >> >> Injection method: PF_PACKET send() >> >> >> >> >> When I attempt the following: >> tcpreplay -v -d 5 --intf1=eth0 <pcapfile.pcap> >> >> >> >> There is no traffic visible in wireshark and the following is printed to >> the terminal: >> >> >> >> DEBUG1 in sendpacket.c:sendpacket_open_pf() line 617: sendpacket: using >> PF_PACKET >> >> DEBUG5 in utils.c:_our_safe_malloc() line 66: Malloc'd 1152 bytes in >> sendpacket.c:sendpacket_open_pf() line 690 >> >> sending out eth0 >> >> processing file: fixed_checksums2.pcap >> >> DEBUG5 in tcpdump.c:tcpdump_open() line 173: Opening tcpdump debug file: >> tcpdump.debug >> >> DEBUG2 in tcpdump.c:tcpdump_open() line 183: Prepping tcpdump options... >> >> DEBUG2 in tcpdump.c:tcpdump_fill_in_options() line 328: [child] Will >> execute: tcpdump -n -l -r - >> >> DEBUG5 in utils.c:_our_safe_malloc() line 66: Malloc'd 3 bytes in >> tcpdump.c:tcpdump_fill_in_options() line 336 >> >> DEBUG5 in utils.c:_our_safe_malloc() line 66: Malloc'd 3 bytes in >> tcpdump.c:tcpdump_fill_in_options() line 350 >> >> DEBUG5 in utils.c:_our_safe_malloc() line 66: Malloc'd 3 bytes in >> tcpdump.c:tcpdump_fill_in_options() line 350 >> >> DEBUG2 in tcpdump.c:tcpdump_open() line 186: Starting tcpdump... >> >> DEBUG2 in tcpdump.c:tcpdump_open() line 200: tcpdump pid: 29932 >> >> DEBUG2 in tcpdump.c:tcpdump_open() line 204: [parent] closing input fd 7 >> >> DEBUG2 in tcpdump.c:tcpdump_open() line 206: [parent] closing output fd 9 >> >> DEBUG2 in tcpdump.c:tcpdump_open() line 200: tcpdump pid: 0 >> >> DEBUG2 in tcpdump.c:tcpdump_open() line 227: [child] started the kid >> >> DEBUG2 in tcpdump.c:tcpdump_open() line 230: [child] closing in fd 6 >> >> DEBUG2 in tcpdump.c:tcpdump_open() line 231: [child] closing out fd 8 >> >> DEBUG2 in tcpdump.c:tcpdump_open() line 250: [child] Exec'ing tcpdump... >> >> reading from file -, link-type EN10MB (Ethernet) >> >> DEBUG2 in send_packets.c:send_packets() line 138: packet 1 caplen 74 >> >> >> >> Fatal Error in tcpdump.c:tcpdump_print() line 135: >> >> poll() timeout... tcpdump seems to be having a problem keeping up >> >> Try increasing TCPDUMP_POLL_TIMEOUT >> >> tcpdump: pcap_loop: truncated dump file; tried to read 77746 captured >> bytes, only got 82 >> >> >> >> I have tried bridging the connection to a dummy interface as suggested >> here: >> >> http://unix.stackexchange.com/questions/152331/how-can-i-create-a-virtual-ethernet-interface-on-a-machine-without-a-physical-ad >> >> >> >> But no luck. >> >> >> >> Can anyone help? >> >> >> >> >> >> ------------------------------------------------------------------------------ >> _______________________________________________ >> Tcpreplay-users mailing list >> Tcpreplay-users@lists.sourceforge.net >> https://lists.sourceforge.net/lists/listinfo/tcpreplay-users >> Support Information: http://tcpreplay.synfin.net/trac/wiki/Support >> >> >> >> >> ------------------------------------------------------------------------------ >> Check out the vibrant tech community on one of the world's most >> engaging tech sites, SlashDot.org! http://sdm.link/slashdot >> _______________________________________________ >> Tcpreplay-users mailing list >> Tcpreplay-users@lists.sourceforge.net >> https://lists.sourceforge.net/lists/listinfo/tcpreplay-users >> Support Information: http://tcpreplay.synfin.net/trac/wiki/Support > > > > ------------------------------------------------------------------------------ > Check out the vibrant tech community on one of the world's most > engaging tech sites, SlashDot.org! http://sdm.link/slashdot > _______________________________________________ > Tcpreplay-users mailing list > Tcpreplay-users@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/tcpreplay-users > Support Information: http://tcpreplay.synfin.net/trac/wiki/Support ------------------------------------------------------------------------------ Check out the vibrant tech community on one of the world's most engaging tech sites, SlashDot.org! http://sdm.link/slashdot _______________________________________________ Tcpreplay-users mailing list Tcpreplay-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/tcpreplay-users Support Information: http://tcpreplay.synfin.net/trac/wiki/Support
