List VMs and their uplinks.
netdbg vswitch instance list
Capture DHCP traffic (udp 67, udp 68) on the vmnic0 interface and send it to tcpdump to filter DHCP communication.
pktcap-uw --uplink vmnic1 --capture UplinkRcvKernel,UplinkSndKernel -o - | tcpdump-uw -r - udp port 67 or udp port 68
14:45:46.375602 IP 0.0.0.0.bootpc > 255.255.255.255.bootps: BOOTP/DHCP, Request from 00:50:56:99:fe:6a (oui Unknown), length 300
14:45:46.376233 IP 192.168.4.5.bootps > 192.168.4.178.bootpc: BOOTP/DHCP, Reply, length 307
For more info, see https://knowledge.broadcom.com/external/article?articleNumber=341568
Filter TCP Open Connections
This is the tcpdump command to display attempts to open TCP connections (TCP SYN) from IP address 192.168.123.22
pktcap-uw --uplink vmnic4 --capture UplinkRcvKernel,UplinkSndKernel -o - | tcpdump-uw -r - 'src host 192.168.123.22 and tcp[tcpflags] & tcp-syn != 0 and tcp[tcpflags] & tcp-ack == 0'
Explanation:
-n → Do not resolve hostnames.
-i <interface> → Specify the network interface (e.g., eth0).
'src host 192.168.123.22' → Filter packets from the source IP 192.168.123.22.
'tcp[tcpflags] & tcp-syn != 0' → Match packets where the SYN flag is set.
'tcp[tcpflags] & tcp-ack == 0' → Ensure the ACK flag is not set (to exclude SYN-ACK responses).
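How the filter expression above decides which packets to show, as an added Python example that is not from the original post: it applies the same source-address and flag-mask tests to constructed IPv4/TCP packets. The destination address, ports, the second source address and all function names are assumptions made for the illustration.

```python
import socket
import struct

TCP_SYN, TCP_ACK = 0x02, 0x10   # numeric values of tcp-syn / tcp-ack in pcap filters
TCPFLAGS = 13                   # tcp[tcpflags] is byte 13 of the TCP header

def build_packet(src, dst, flags, ip_options=b""):
    """Constructed IPv4+TCP test packet (checksums left at 0, ports arbitrary)."""
    ihl = 5 + len(ip_options) // 4          # header length in 32-bit words
    ip = struct.pack("!BBHHHBBH4s4s", (4 << 4) | ihl, 0, ihl * 4 + 20, 0, 0, 64,
                     socket.IPPROTO_TCP, 0,
                     socket.inet_aton(src), socket.inet_aton(dst)) + ip_options
    tcp = struct.pack("!HHIIBBHHH", 40000, 443, 1000, 0, 5 << 4, flags, 65535, 0, 0)
    return ip + tcp

def matches_filter(packet, src_host):
    """Same logic as: src host X and tcp[tcpflags] & tcp-syn != 0
    and tcp[tcpflags] & tcp-ack == 0 (IPv4 only)."""
    if len(packet) < 20 or packet[0] >> 4 != 4 or packet[9] != socket.IPPROTO_TCP:
        return False
    ihl = (packet[0] & 0x0F) * 4            # TCP header starts after a variable-length IP header
    if len(packet) <= ihl + TCPFLAGS:
        return False
    if socket.inet_ntoa(packet[12:16]) != src_host:
        return False
    flags = packet[ihl + TCPFLAGS]
    return (flags & TCP_SYN) != 0 and (flags & TCP_ACK) == 0

WATCHED = "192.168.123.22"
SAMPLES = {   # constructed packets, not captured traffic
    "SYN": build_packet(WATCHED, "10.0.0.5", 0x02),
    "SYN+ACK": build_packet(WATCHED, "10.0.0.5", 0x12),
    "ACK": build_packet(WATCHED, "10.0.0.5", 0x10),
    "SYN+ECE+CWR": build_packet(WATCHED, "10.0.0.5", 0xC2),
    "SYN, IP options": build_packet(WATCHED, "10.0.0.5", 0x02, b"\x01\x01\x01\x01"),
    "SYN, other source": build_packet("192.168.123.99", "10.0.0.5", 0x02),
}

def evaluate():
    return {name: matches_filter(pkt, WATCHED) for name, pkt in SAMPLES.items()}

if __name__ == "__main__":
    for name, hit in evaluate().items():
        print(f"{name:20} {'match' if hit else 'no match'}")
```

Because the expression masks individual bits instead of comparing the whole flags byte, a SYN that also carries the ECN bits (ECE, CWR) is still reported, and the flags byte is found correctly when the IP header carries options.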