How to sniff a virsh virtual bridge from a virtual machine

1

So I want to sniff the traffic from a virtual bridge (virbr2) from a virtual machine. I can successfully sniff virbr2 directly from the host machine, but when setting that interface to the virtual machine I don't see anything. This is the network configuration of the virtual machine (virsh edit):

<interface type='bridge'>
  <mac address='52:54:00:78:11:bf'/>
  <source bridge='virbr2'/>
  <model type='rtl8139'/>
  <alias name='net1'/>
  <address type='pci' domain='0x0000' bus='0x00' slot='0x07' function='0x0'/>
</interface>

With that I get nothing. Then I tried to create a tap interface with:

ip tuntap add tap20 mode tap
ip link set tap20 master virbr2
ip link set tap20 up

It resolves to:

<interface type='bridge'>
  <mac address='52:54:00:78:11:bf'/>
  <source bridge='tap20'/>
  <model type='e1000'/>
  <alias name='net1'/>
  <address type='pci' domain='0x0000' bus='0x00' slot='0x07' function='0x0'/>
</interface>

And I can only see broadcast traffic...

Which would be the correct approach and why is it not working?

I'm running Debian 9 and virsh as root.

Thanksss!!!!

ignasivt

Posted 2017-08-14T19:45:59.553

Reputation: 11

Does Wireshark work? – Biswapriyo – 2017-08-14T20:26:29.127

Hi, thanks for the answer, but Wireshark does not work, and neither does tshark. – ignasivt – 2017-08-14T21:02:24.157

Answers

0

So apparently the br interfaces are managed by the Linux kernel and are configured as a switch, so only the packets going to a given interface will reach that virtual interface. One way to change that behaviour is to run 'brctl setageing 0'.

ignasivt

Posted 2017-08-14T19:45:59.553

Reputation: 11
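The behaviour described in the answer above, as an added example that is not part of the original post: a simplified model of a learning bridge (not the kernel's implementation) showing why a capture port sees only broadcast frames while MAC learning is active, and every frame once the ageing time is 0. The port names vnet0 and vnet1, the MAC addresses and the traffic are constructed; tap20 is the tap interface from the question, and 300 stands in for a non-zero ageing time.

```python
# Simplified model of a learning bridge; assumption-based, not kernel code.
BROADCAST = "ff:ff:ff:ff:ff:ff"


class LearningBridge:
    def __init__(self, ports, ageing):
        self.ports = set(ports)
        self.ageing = ageing      # seconds a forwarding entry stays valid
        self.fdb = {}             # MAC -> (port, time the MAC was last seen)

    def forward(self, in_port, src, dst, now):
        """Return the set of ports the frame is sent out of."""
        self.fdb[src] = (in_port, now)          # learn the sender's port
        entry = self.fdb.get(dst)
        # An entry is usable only while it is younger than the ageing time;
        # with ageing == 0 no entry is ever usable, so everything is flooded.
        if dst != BROADCAST and entry and now - entry[1] < self.ageing:
            return {entry[0]} - {in_port}
        return self.ports - {in_port}           # broadcast or unknown: flood


def frames_seen_by(sniffer_port, ageing, traffic):
    """Replay traffic through a fresh bridge; list frames reaching the sniffer."""
    bridge = LearningBridge({"vnet0", "vnet1", sniffer_port}, ageing)
    seen = []
    for now, in_port, src, dst in traffic:
        if sniffer_port in bridge.forward(in_port, src, dst, now):
            seen.append((src, dst))
    return seen


# Constructed traffic: (time, ingress port, source MAC, destination MAC)
A, B = "52:54:00:00:00:0a", "52:54:00:00:00:0b"
TRAFFIC = [
    (0, "vnet0", A, BROADCAST),   # ARP request from A, flooded
    (1, "vnet1", B, A),           # ARP reply; A's port is already learned
    (2, "vnet0", A, B),           # unicast A -> B
    (3, "vnet1", B, A),           # unicast B -> A
]

if __name__ == "__main__":
    for ageing in (300, 0):
        seen = frames_seen_by("tap20", ageing, TRAFFIC)
        print(f"ageing={ageing}: tap20 sees {len(seen)} of {len(TRAFFIC)} frames")
```

On a real host, `brctl setageing` takes the bridge name before the time, for example `brctl setageing virbr2 0` for the bridge in the question.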

0

Have you tried 'tethereal/Wireshark', as suggested in the comment by Biswa?

As the bridge interface is in the same kernel space as the main interface, it is possible to sniff the virbr2 interface.

Yuliyan T.

Posted 2017-08-14T19:45:59.553

Reputation: 46