I am a bit of a networking newbie so please bear with me.
To give some context, I am trying to demonstrate an L2 flooding attack on a network of 4 VMs on virtualbox: vswitch, machine1, machine2 and machine3. All four are running Ubuntu server 24.04 and have a host-only network adapter (only used for ssh connections from the host). In addition, vswitch shares the internal network inet1 with machine1, inet2 with machine2 and inet3 with machine3. All network adapters on all machines are in promiscuous mode. Finally, vswitch is running open vswitch with a bridge br0 linking inet1, inet2 and inet3 which looks like this:
user@vswitch:~$ sudo ovs-vsctl show
03fd11a2-04e2-46d2-91e4-f4206c45c4fb
    Bridge br0
        Port inet1
            Interface inet1
        Port br0
            Interface br0
                type: internal
        Port inet3
            Interface inet3
        Port inet2
            Interface inet2
    ovs_version: "3.3.0"
My config is pretty simple: I have netplan files on each machine that rename all network interfaces to be less cryptic and give a static IP address to each machine on every network interface it is connected to, using the following pattern: for i = 1, 2, 3, machine{i} has IP address 172.16.{i}.1 and vswitch has IP address 172.16.{i}.0 on network interface inet{i}.
The command ip a shows that the IP addresses are set correctly and that all inet interfaces are up. One thing that seems curious is that my bridge br0 seems to be in an unknown state, and its MAC address seems to be the same as inet1's.
Now, the problem I'm struggling to troubleshoot is that my machines can't ping each other correctly. While I can ping vswitch from all 3 machines on the appropriate interfaces, it doesn't seem to work the other way around.
Here's an example:
user@vswitch:~$ ping machine1
PING machine1 (172.16.1.1) 56(84) bytes of data.
From vswitch (172.16.1.0) icmp_seq=1 Destination Host Unreachable
From vswitch (172.16.1.0) icmp_seq=2 Destination Host Unreachable
From vswitch (172.16.1.0) icmp_seq=3 Destination Host Unreachable
^C
--- machine1 ping statistics ---
4 packets transmitted, 0 received, +3 errors, 100% packet loss, time 3101ms
pipe 4
tcpdump, which I had left running on the three machines in parallel with the ping, gives the following results:
For machine1, it seems that it's receiving the ARP ping requests and trying to reply:
user@machine1:~$ sudo tcpdump -i inet1
tcpdump: verbose output suppressed, use -v[v]... for full protocol decode
listening on inet1, link-type EN10MB (Ethernet), snapshot length 262144 bytes
19:57:06.395599 ARP, Request who-has machine1 tell vswitch-inet1, length 46
19:57:06.395636 ARP, Reply machine1 is-at 08:00:27:22:f4:d8 (oui Unknown), length 28
19:57:07.398275 ARP, Request who-has machine1 tell vswitch-inet1, length 46
19:57:07.398297 ARP, Reply machine1 is-at 08:00:27:22:f4:d8 (oui Unknown), length 28
19:57:08.422953 ARP, Request who-has machine1 tell vswitch-inet1, length 46
19:57:08.423000 ARP, Reply machine1 is-at 08:00:27:22:f4:d8 (oui Unknown), length 28
19:57:09.447326 ARP, Request who-has machine1 tell vswitch-inet1, length 46
19:57:09.447373 ARP, Reply machine1 is-at 08:00:27:22:f4:d8 (oui Unknown), length 28
And machine2 and machine3 receive the reply packets that have gone through the bridge br0:
user@machine2:~$ sudo tcpdump -i inet2
tcpdump: verbose output suppressed, use -v[v]... for full protocol decode
listening on inet2, link-type EN10MB (Ethernet), snapshot length 262144 bytes
19:57:06.410628 ARP, Reply machine1 is-at 08:00:27:22:f4:d8 (oui Unknown), length 46
19:57:07.411542 ARP, Reply machine1 is-at 08:00:27:22:f4:d8 (oui Unknown), length 46
19:57:08.437400 ARP, Reply machine1 is-at 08:00:27:22:f4:d8 (oui Unknown), length 46
19:57:09.463326 ARP, Reply machine1 is-at 08:00:27:22:f4:d8 (oui Unknown), length 46
Now, when I try to ping machine2 from machine1 directly, it doesn't work, which I don't find surprising as I have no router in my network. But even when I specify the network interface on which to broadcast the packets, it seems to me as if machine2 receives the ping requests and doesn't reply, as shown by the following output:
user@machine1:~$ ping machine2
ping: connect: Network is unreachable
user@machine1:~$ ping -I inet1 machine2
PING machine2 (172.16.2.1) from 172.16.1.1 inet1: 56(84) bytes of data.
^C
--- machine2 ping statistics ---
10 packets transmitted, 0 received, 100% packet loss, time 9215ms
pipe 4
user@machine2:~$ sudo tcpdump -i inet2
[sudo] password for user:
tcpdump: verbose output suppressed, use -v[v]... for full protocol decode
listening on inet2, link-type EN10MB (Ethernet), snapshot length 262144 bytes
20:19:09.029793 ARP, Request who-has machine2 tell machine1, length 46
20:19:10.053368 ARP, Request who-has machine2 tell machine1, length 46
20:19:11.077514 ARP, Request who-has machine2 tell machine1, length 46
20:19:12.102839 ARP, Request who-has machine2 tell machine1, length 46
…
I must admit this issue is driving me up the wall. It looks like the bridge is working properly: if that weren't the case, then the ARP packets wouldn't even show up on tcpdump, so I really have no idea what could be causing this. Any help would be greatly appreciated.
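A check for the vswitch side of this setup, added here as an example and not part of the original post: an interface that has been added as a port of an Open vSwitch bridge hands every frame it receives to the OVS datapath, so the host's own IP stack never sees traffic arriving on it, and an address configured on such a port cannot answer ARP or ICMP. The host's address belongs on the bridge's internal port (br0 in the ovs-vsctl output above) instead. The script below parses `ovs-vsctl show` and `ip -o -4 addr show` output and lists every address that sits on a bridge member port. Both inputs are constructed inline to mirror the bridge in the question; the /24 masks and the 10.0.0.1 address on br0 are assumptions (the question does not state them). The `ovs_member_ports` and `addrs_on_member_ports` function names are mine.

```shell
#!/bin/sh
# Added example (not the original poster's code). Lists IPv4 addresses that
# are configured on interfaces which are member ports of an OVS bridge.
# Frames received on such a port go to the OVS datapath, not to the host IP
# stack, so an address there never answers; put it on the internal port.

# Constructed copy of the `ovs-vsctl show` output from the question.
OVS_SHOW='03fd11a2-04e2-46d2-91e4-f4206c45c4fb
    Bridge br0
        Port inet1
            Interface inet1
        Port br0
            Interface br0
                type: internal
        Port inet3
            Interface inet3
        Port inet2
            Interface inet2
    ovs_version: "3.3.0"'

# Constructed `ip -o -4 addr show` lines; /24 masks and br0's 10.0.0.1 are assumed.
IP_ADDR='2: inet1    inet 172.16.1.0/24 brd 172.16.1.255 scope global inet1\       valid_lft forever preferred_lft forever
3: inet2    inet 172.16.2.0/24 brd 172.16.2.255 scope global inet2\       valid_lft forever preferred_lft forever
4: inet3    inet 172.16.3.0/24 brd 172.16.3.255 scope global inet3\       valid_lft forever preferred_lft forever
5: br0    inet 10.0.0.1/24 brd 10.0.0.255 scope global br0\       valid_lft forever preferred_lft forever'

# Read `ovs-vsctl show` text on stdin and print, one per line, every Interface
# that is a bridge port and is not an OVS internal port.
ovs_member_ports() {
    awk '
        /^[ \t]*Interface /     { iface = $2; internal = 0; next }
        /^[ \t]*type: internal/ { internal = 1; next }
        /^[ \t]*(Port|Bridge|ovs_version)/ {
            # A new Port/Bridge line closes the previous Interface entry.
            if (iface != "" && !internal) print iface
            iface = ""; internal = 0
        }
        END { if (iface != "" && !internal) print iface }
    '
}

# $1 = `ovs-vsctl show` text, $2 = `ip -o -4 addr show` text.
# Print "<interface> <address/prefix>" for each address on a member port.
addrs_on_member_ports() {
    ports=$(printf '%s\n' "$1" | ovs_member_ports)
    printf '%s\n' "$2" | awk -v ports="$ports" '
        BEGIN { n = split(ports, p, "\n"); for (i = 1; i <= n; i++) member[p[i]] = 1 }
        ($2 in member) { print $2, $4 }   # $2 = ifname, $4 = address/prefix in -o output
    '
}

# On a live vswitch box:
#   addrs_on_member_ports "$(sudo ovs-vsctl show)" "$(ip -o -4 addr show)"
addrs_on_member_ports "$OVS_SHOW" "$IP_ADDR"
```

With the constructed input every 172.16.{i}.0 address is reported, because inet1, inet2 and inet3 are all member ports of br0, while br0's own address is not, since it is the internal port and does reach the host stack.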