Saturday, 24 September 2011

QEMU Networking

I've been playing with PXE booting and I needed a test setup that I could run from my laptop.  I wanted to create a small isolated network between a few virtual machines.  I generally use virtualbox but for this project I decided to QEMU.

I had just a few requirements:
  • I wanted to record the traffic to pcap files for wireshark analysis.  This is essential for diagnosing PXE failures and for understanding exactly what's going on.
  • I needed to add and remove machines easily without changing the configuration on the other virtual machines.
  • I wanted it to be easy.  No root access, no messing with bridging or tun/tap interfaces.
QEMU Networking
QEMU has a few handy features which make this really easy.  For the full story check out the QEMU Networking page that Mark McLoughlin put together.

Multicast networks allow multiple VMs to communicate with each other just like if they were all connected to a single hub.  Any ethernet frame sent to the network interface on one machine gets sent to all other machines.
-net socket,mcast=239.255.0.1:1234
The second feature is the "dump" network type which will dump any packet to a file.
-net dump,file=log.pcap
Because the multicast "hub" sends all frames to all virtual machines you only need to use the "-net dump" on one of the machines and you will capture all packets.

Launching the VMs
Launch the first machine like this:
$ qemu -hda one.img -net nic -net socket,mcast=239.255.0.1:1234 -net dump,file=log.pcap
And all other machines like this:
$ qemu -hda two.img -net nic -net socket,mcast=239.255.0.1:1234
Multiple NICs
If you have more than one network interface on a machine, you must use the "vlan" option to make sure the options are applied to the correct interface.

If I wanted a gateway VM with eth0 connected through the host to the internet, and eth1 connected to all other virtual machines, it would be launched like this:
$ qemu -hda one.img -net nic,vlan=0 -net user,vlan=0 -net nic,vlan=1 -net socket,vlan=1,mcast=239.255.0.1:1234 -net dump,vlan=1,file=log.pcap
Live capture in Wireshark
If you'd like to see the packet capture in realtime you can use mkfifo to create a FIFO to stream the packets into wireshark's live capture display.  Set it up like this:
$ mkfio live.pcap
$ wireshark -k -i live.pcap &
$ qemu -hda one.img -net nic -net socket,mcast=239.255.0.1:1234 -net dump,file=live.pcap
Enjoy!
Posted by Mike Milner at 20:58
Labels: , , ,

6 comments:

  1. Unknown11 March 2016 at 23:07

    Hi! That is the finish of this post. I generally use virtualbox but for this project I decided to QEMU.Cephx is an easy to use, cloud-based system that provides Orthodontists and Dentists with accurate Cephalometric analyses and convenient image storage. cephalometric angles

    ReplyDelete
    Replies
    1. Patrick Co Eban16 February 2018 at 02:40

      Hi, Great.. Tutorial is just awesome..It is really helpful for a newbie like me.. I am a regular follower of your blog. Really very informative post you shared here. Kindly keep blogging. If anyone wants to become a .Net developer learn from .Net Training in Chennai. or learn thru ASP.NET Essential Training Online

      Delete
  2. Rick Campbell19 October 2016 at 09:24

    Used your hints in my work with electronic data room . Waiting for new articles from you.
    ps. followed

    ReplyDelete
  3. king of seo3 December 2018 at 17:52

    it's really nice and meanful. it's really cool blog. Linking is very useful thing.you have really helped lots of people who visit blog and provide them usefull information.
    mason soiza

    ReplyDelete
  4. victoria seo5 December 2018 at 13:08

    It proved to be Very helpful to me and I am sure to all the commentators here!
    Mason Soiza

    ReplyDelete
  5. Sankar8 June 2019 at 01:23

    Great Article
    Network Security Projects for CSE
    Project Centers in Chennai



    JavaScript Training in Chennai
    JavaScript Training in Chennai

    ReplyDelete

Subscribe to: Post Comments (Atom)