Author Topic: VMWare Networking Issue  (Read 13188 times)

0 Members and 4 Guests are viewing this topic.

Offline Sidoh

  • x86
  • Hero Member
  • *****
  • Posts: 17634
  • MHNATY ~~~~~
    • View Profile
    • sidoh
Re: VMWare Networking Issue
« Reply #15 on: April 14, 2008, 10:12:31 pm »
I don't know what you're on, but it says -PR everywhere. I tested the command before I posted it here. :P

Haha, crap.  I probably read my own post or something.

Try doing a traceroute outside your network.. I don't expect it to be useful, but it's worth a try.

Here it is:
traceroute to www.google.com (64.233.167.99), 30 hops max, 40 byte packets
 1  192.168.211.2 (192.168.211.2)  0.710 ms  0.052 ms *
 2  * * *
 3  * * *
 4  * * *
 5  * * *
 6  * google-peer.chcgil01.transitrail.net (137.164.130.150)  104.595 ms  104.421 ms
 7  * * *
 8  * * *
 9  * * *
10  * * *
11  * * py-in-f99.google.com (64.233.167.99)  137.561 ms

Offline nslay

  • Hero Member
  • *****
  • Posts: 786
  • Giraffe meat, mmm
    • View Profile
Re: VMWare Networking Issue
« Reply #16 on: April 15, 2008, 10:16:28 am »
Doing anything from the guest OS is useless because vmware is likely not running with privileges.  Non-privileged software cannot use SOCK_RAW, that means no ICMP (tracert, ping, etc...).  The diagnosis will likely have to be done from the host OS.
An adorable giant isopod!

Offline iago

  • Leader
  • Administrator
  • Hero Member
  • *****
  • Posts: 17914
  • Fnord.
    • View Profile
    • SkullSecurity
Re: VMWare Networking Issue
« Reply #17 on: April 15, 2008, 10:25:50 am »
Doing anything from the guest OS is useless because vmware is likely not running with privileges.  Non-privileged software cannot use SOCK_RAW, that means no ICMP (tracert, ping, etc...).  The diagnosis will likely have to be done from the host OS.
VMWare hides all those kinds of details. When you run a traceroute from VMWare, it opens a virtual socket with SOCK_RAW, and the host is treated as the first hop.

Offline iago

  • Leader
  • Administrator
  • Hero Member
  • *****
  • Posts: 17914
  • Fnord.
    • View Profile
    • SkullSecurity
Re: VMWare Networking Issue
« Reply #18 on: April 15, 2008, 10:26:42 am »
Here it is:
traceroute to www.google.com (64.233.167.99), 30 hops max, 40 byte packets
 1  192.168.211.2 (192.168.211.2)  0.710 ms  0.052 ms *
 2  * * *
 3  * * *
 4  * * *
 5  * * *
 6  * google-peer.chcgil01.transitrail.net (137.164.130.150)  104.595 ms  104.421 ms
 7  * * *
 8  * * *
 9  * * *
10  * * *
11  * * py-in-f99.google.com (64.233.167.99)  137.561 ms

The first hop is 192.168.211.2.. does that make sense? In NAT mode, the first hop should be the host system, and I thought the host system was 192.168.211.1?

What's the default gateway on the guest set to? (/sbin/route will tell you)

Offline nslay

  • Hero Member
  • *****
  • Posts: 786
  • Giraffe meat, mmm
    • View Profile
Re: VMWare Networking Issue
« Reply #19 on: April 15, 2008, 10:28:56 am »
Doing anything from the guest OS is useless because vmware is likely not running with privileges.  Non-privileged software cannot use SOCK_RAW, that means no ICMP (tracert, ping, etc...).  The diagnosis will likely have to be done from the host OS.
VMWare hides all those kinds of details. When you run a traceroute from VMWare, it opens a virtual socket with SOCK_RAW, and the host is treated as the first hop.

The VMware application still needs root privileges to use SOCK_RAW...there is no way around this (except on OS X which allows limited SOCK_RAW to non-privileged users).

EDIT:  Oh I see what you're saying...sure, in VMware's internal network that works.  But the privilege restriction applies to anything intended to be sent through the real network.
« Last Edit: April 15, 2008, 10:30:53 am by nslay »
An adorable giant isopod!

Offline iago

  • Leader
  • Administrator
  • Hero Member
  • *****
  • Posts: 17914
  • Fnord.
    • View Profile
    • SkullSecurity
Re: VMWare Networking Issue
« Reply #20 on: April 15, 2008, 10:32:18 am »
The VMware application still needs root privileges to use SOCK_RAW...there is no way around this (except on OS X which allows limited SOCK_RAW to non-privileged users).

EDIT:  Oh I see what you're saying...sure, in VMware's internal network that works.  But the privilege restriction applies to anything intended to be sent through the real network.
VMWare's networking runs as a kernel module, so it has access to do whatever it wants.

Offline nslay

  • Hero Member
  • *****
  • Posts: 786
  • Giraffe meat, mmm
    • View Profile
Re: VMWare Networking Issue
« Reply #21 on: April 16, 2008, 01:11:38 pm »
The VMware application still needs root privileges to use SOCK_RAW...there is no way around this (except on OS X which allows limited SOCK_RAW to non-privileged users).

EDIT:  Oh I see what you're saying...sure, in VMware's internal network that works.  But the privilege restriction applies to anything intended to be sent through the real network.
VMWare's networking runs as a kernel module, so it has access to do whatever it wants.


Yes, assuming it uses tap.  You don't have to use tap...and when you don't, you can't send out ICMP packets.
An adorable giant isopod!