Hi all, I am trying to understand packet flow between vm and host outside.Although this question is not directly related to Wireshark but i want to make use of general networking expertise in this forum.I am sorry for this lengthy question. &&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&& Setup: Host1 running RHEL7 with KVM Virtualization. Guest/VM running RHEL7 on Host1. Host2 running Fedora. &&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&& Brief output on Host1 root#ip a s 1.lo 2.enp4s0f2 3.wlp3s0 4.virbr0 5.virbr0-nic 6.vnet0 root#brctl show bridgename bridge id STP enabled interfaces virbr0 xxxx.xxxxxxxxxxxx yes virbr0-nic,vnet0 I came to know that vnet0 is the interface connected to eth0 of virtual machine.virbr0 is the bridge and i am not sure about virbr0-nic. Like vnet0,the interface connected to eth0 of virtual machine,i assumed that virbr0-nic is the virtual interface connected to enp4s0f2 (which is the Physical interface of Host1). &&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&& Test case1: Host1 is connected to Host2 on wired network(enp4s0f2) I tried ssh from virtual machine on Host1 to Host2. Up on collecting Wireshark traces I assumed that packet was switched from vnet0 to virbr0-nic by bridge(virbr0).Virbr0-nic placed the packet on Ethernet interface(enp4s0f2) which did routing(ip.forward=1) and Natting to forward the packet to Host2.The flow was such that Host2 thinks that the ssh packet is originated from Host1 and in same way,for reply traffic (from Host2) ,Host1 did natting to replace dest ip to VM IP.This packet on virbr0-nic switched to vnet0 by virbr0 to finally place it on eth0 of virtual machine. Test Case2: Host1 is connected to Host2 on wireless network(wlp3s0) I disabled wired interfaces on Host1 and Host2. I expected that VM on Host1 can't ssh to Host2 because of lack of ethernet connectivity but to my surprise it worked like before(Test case1). Is it safe to assume now virbr0-nic is virtual interface of wlp3s0(wireless interface) on host1? asked 09 Jul '15, 02:22  krishnayeddula |
This is a static archive of our old Q&A Site.
Please post any new questions and answers at ask.wireshark.org.
