WARNING - OLD ARCHIVES

This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
xen-users

Re: [Xen-users] Networking privacy and DomU

To: Martin Dziobek <dziobek@xxxxxxxxxxxxxxxxxxxx>
Subject: Re: [Xen-users] Networking privacy and DomU
From: "John A. Sullivan III" <jsullivan@xxxxxxxxxxxxxxxxxxx>
Date: Mon, 09 Jan 2006 15:56:59 -0500
Cc: xen-users@xxxxxxxxxxxxxxxxxxx
Delivery-date: Mon, 09 Jan 2006 21:03:27 +0000
Envelope-to: www-data@xxxxxxxxxxxxxxxxxxx
In-reply-to: <20060109163145.5d710f92@xxxxxxxxxxxxx>
List-help: <mailto:xen-users-request@lists.xensource.com?subject=help>
List-id: Xen user discussion <xen-users.lists.xensource.com>
List-post: <mailto:xen-users@lists.xensource.com>
List-subscribe: <http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-users>, <mailto:xen-users-request@lists.xensource.com?subject=subscribe>
List-unsubscribe: <http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-users>, <mailto:xen-users-request@lists.xensource.com?subject=unsubscribe>
References: <20060109163145.5d710f92@xxxxxxxxxxxxx>
Sender: xen-users-bounces@xxxxxxxxxxxxxxxxxxx
On Mon, 2006-01-09 at 16:31 +0100, Martin Dziobek wrote:
> Hello All,
> 
> I'm not seeing the wood for trees ...
> 
> In Xen 3.0 with standard setup (1 Dom 0, several
> Dom U), how can I prevent a DomU from reading
> the other DomUs' network traffic with a sniffer?
> Can I use bridging at all?
> 
<snip>
That's a very interesting question.  I have not explored this in any
detail, but it seems to me, upon casual observation, that a domU cannot
put the hardware NIC into promiscuous mode.  I have tried to do this
when troubleshooting various network problems.  I have launched tcpdump
in a domU and it does not appear to see all traffic -- only traffic
destined for the domU address.

Again, I did not try to work around it or even completely confirm that
was the case, but it is my casual observation.  Perhaps since it is
indeed a bridge, it is like plugging a protocol analyzer into a switch
port -- one only sees broadcast traffic and the unicast traffic for that
port.  I suppose one could use ARP poisoning to see other traffic, but
that would be true of any switch - John
-- 
John A. Sullivan III
Open Source Development Corporation
+1 207-985-7880
jsullivan@xxxxxxxxxxxxxxxxxxx

Financially sustainable open source development
http://www.opensourcedevel.com
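The reply above notes that a bridged Xen setup behaves like a switch, and that the one thing that would let a domU see its neighbours' traffic is ARP poisoning. As an added example (not code from the original message or from the Xen project), here is the defender's counterpart: a small monitor that dom0 could run over ARP replies seen on the bridge and that flags an IP address whose claimed MAC changes, or a single MAC claiming several addresses. The ARP records are constructed sample data, not a real capture.

```python
"""Detect ARP-poisoning symptoms on a bridged (switch-like) segment.

Added example, not code from the original message.  The ARP reply
records below are constructed for illustration; in practice they would
come from a capture on the dom0 bridge interface.
"""
from collections import defaultdict

# Constructed sample: (seconds, sender_ip, sender_mac) taken from ARP
# replies.  A domU at 00:16:3e:00:00:30 starts answering for the
# gateway and for another domU's address at t=3 and t=4.
SAMPLE_ARP_REPLIES = [
    (0.0, "192.168.1.1", "00:16:3e:00:00:01"),   # gateway answers normally
    (1.0, "192.168.1.20", "00:16:3e:00:00:20"),  # domU-B
    (2.0, "192.168.1.30", "00:16:3e:00:00:30"),  # domU-C
    (3.0, "192.168.1.1", "00:16:3e:00:00:30"),   # domU-C now claims the gateway
    (4.0, "192.168.1.20", "00:16:3e:00:00:30"),  # ...and domU-B's address
]


def detect_arp_conflicts(replies, max_ips_per_mac=1):
    """Return a list of (kind, detail) alerts.

    'ip-mac-change': an IP was previously bound to a different MAC.
    'mac-claims-many': one MAC has claimed more than max_ips_per_mac IPs.
    The first claim for each IP is trusted, exactly as a host's ARP cache
    would trust it, so a clean capture produces no alerts.
    """
    ip_to_mac = {}
    mac_to_ips = defaultdict(set)
    alerts = []
    for ts, ip, mac in replies:
        known = ip_to_mac.get(ip)
        if known is not None and known != mac:
            alerts.append(("ip-mac-change",
                           f"t={ts}: {ip} moved {known} -> {mac}"))
        ip_to_mac[ip] = mac
        mac_to_ips[mac].add(ip)
        if len(mac_to_ips[mac]) == max_ips_per_mac + 1:
            # Report once, when the threshold is first crossed.
            alerts.append(("mac-claims-many",
                           f"t={ts}: {mac} claims {sorted(mac_to_ips[mac])}"))
    return alerts


if __name__ == "__main__":
    for kind, detail in detect_arp_conflicts(SAMPLE_ARP_REPLIES):
        print(kind, detail)
```

Raise max_ips_per_mac for hosts that legitimately own several addresses (a dom0 routing for guests, for example), otherwise the second rule will fire on them.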


_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-users