How does bridged networking work in Virtualbox?

How does bridged networking work?

I have looked through the VirtualBox manuals but nothing extremely technical came up (It was just a generic gloss over of the topic).

How does it assign a different IP to the virtual machine but uses the same network card?
Why does this different IP (I found using ip addr under linux) not show up under the "attached devices section" of my router but I can port forward to it?
How come if I connect to a password protected WiFi network, it does not require me to enter my password?
Is this multihoming?

agz

Posted 2013-05-12T07:01:16.357

Reputation: 6 820

Answers

From the VirtualBox manual Chapter 6 of Virtual networking, section Bridged networking :

With bridged networking, VirtualBox uses a device driver on your host system that filters data from your physical network adapter. This driver is therefore called a "net filter" driver. This allows VirtualBox to intercept data from the physical network and inject data into it, effectively creating a new network interface in software. When a guest is using such a new software interface, it looks to the host system as though the guest were physically connected to the interface using a network cable: the host can send data to the guest through that interface and receive data from it. This means that you can set up routing or bridging between the guest and the rest of your network.

From Wikipedia Bridging (networking) :

A network bridge is a network device that connects more than one network segment. In the OSI model, bridging acts in the first two layers, below the network layer.

I have no personal knowledge working at these networking levels, but from the above it seems to me that VirtualBox and other virtual managers use system drivers to inject packages into the network and pretend to be a physical adapter.

As all packages are sent to all the network, each device reading only the packages that are marked with its address (unless sniffing), the virtual driver just injects packages with its own virtual MAC address and responds to packages that are destined to that MAC address, even though physically no such adapter exists.

This is done at a low enough level of the networking model, so that the host will not react to these messages on the higher levels, since they are stamped with a different MAC address than that of the host.

This is exactly the same technique as used by hackers for Spoofing attacks using IP address spoofing.

The virtual MAC address is invented by the virtual machine manager, or can be specified or changed at any time. It can be any legal MAC address that doesn't duplicate that of some other device on the local network.

The IP address is allocated to that virtual adapter by the DHCP server, which is usually the router, just as it does for any other physical device.

The reason that you can connect to a password protected WiFi network without entering the password is more puzzling, but I conjecture that the VirtualBox driver found and used the token that was returned to the host when it logged on to the network. This will also explain why it does not show up under the "Attached devices section" of your router, because it never formally attached itself to the network. Forwarding still works because the router just re-sends the package to the forwarded address and the VirtualBox driver answers.

Finally, this is not multihoming, which is one computer running one operating system that has multiple IP addresses via multiple adapters, all of them known to this one OS.

For more information, see the Wikipedia article about the OSI model, and especially regarding the OSI layers.

harrymc

Posted 2013-05-12T07:01:16.357

Reputation: 306 093

Bridged Networking works under the concept that whatever software you are using to virtualize your machine creates an interface for that virtual machine to use. In this case it is sharing your host machine network adapter and the software acts as an interface between the hardware and your virtual network adapter.

Now that we understand that both are using the same network adapter, we can assume they will both behave in a congruent manner. If your host machine uses DHCP to retrieve an IP address, then your VM is capable of doing the same thing. If it is statically set, so on and so forth.

If you look up your DHCP lease table in your router, it will show both devices. From your routers point of view they are two different devices. From my understanding, if you are using ARP on your LAN you should be seeing both devices as unique. Any packets bound for your VM machine should never even hit the IP stack of the host machine.

Will.Beninger

Posted 2013-05-12T07:01:16.357

Reputation: 1 402