WARNING - OLD ARCHIVES

This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/

Re: [Xen-users] Networking privacy and DomU

To: Martin Dziobek <dziobek@xxxxxxxxxxxxxxxxxxxx>
Subject: Re: [Xen-users] Networking privacy and DomU
From: "John A. Sullivan III" <jsullivan@xxxxxxxxxxxxxxxxxxx>
Date: 2006-01-09 15:56:59 -0500
Cc: xen-users@xxxxxxxxxxxxxxxxxxx
On Mon, 2006-01-09 at 16:31 +0100, Martin Dziobek wrote:
> Hello All,
>
> I'm not seeing the wood for trees ...
>
> In Xen 3.0 with standard setup (1 Dom 0, several
> Dom U), how can I prevent a DomU from reading
> the other DomUs' network traffic with a sniffer?
> Can I use bridging at all?
>
<snip>
That's a very interesting question. I have not explored this in any
detail, but it seems to me, upon casual observation, that a domU cannot
put the hardware NIC into promiscuous mode. I have tried to do this
when troubleshooting various network problems. I have launched tcpdump
in a domU and it does not appear to see all traffic -- only traffic
destined for the domU address.
Again, I did not try to work around it or even completely confirm that
was the case but it is my casual observation. Perhaps since it is
indeed a bridge, it is like plugging a protocol analyzer into a switch
port -- one only sees broadcast traffic and the unicast traffic for that
port. I suppose one could use ARP poisoning to see other traffic but
that would be true of any switch - John
-- 
John A. Sullivan III
Open Source Development Corporation
+1 207-985-7880
jsullivan@xxxxxxxxxxxxxxxxxxx
Financially sustainable open source development
http://www.opensourcedevel.com
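
Added example, not part of the original message: a minimal Python model of a standard learning bridge, illustrating the switch-port analogy in the reply above. The port names and MAC addresses are constructed; the last frame also shows that unicast to a not-yet-learned MAC is flooded to every port, so isolation on a bridge is not absolute.

```python
# Added illustration: a minimal model of a learning (switching) bridge.
# Port names and MAC addresses are constructed, not taken from the thread.
BROADCAST = "ff:ff:ff:ff:ff:ff"


class LearningBridge:
    def __init__(self, ports):
        self.ports = list(ports)
        self.fdb = {}                             # forwarding database: MAC -> port
        self.seen = {p: [] for p in self.ports}   # frames delivered to each port

    def send(self, in_port, src, dst, note):
        """Inject a frame on in_port; return the set of ports it reaches."""
        self.fdb[src] = in_port                   # learn where the source lives
        if dst != BROADCAST and dst in self.fdb:
            out = {self.fdb[dst]} - {in_port}     # known unicast: one port only
        else:
            out = set(self.ports) - {in_port}     # broadcast or unknown: flood
        for port in out:
            self.seen[port].append((src, dst, note))
        return out


def demo():
    """Replay a constructed exchange and return what each port observed."""
    br = LearningBridge(["vif1.0", "vif2.0", "vif3.0"])
    a, b, c = "00:16:3e:00:00:01", "00:16:3e:00:00:02", "00:16:3e:00:00:03"
    br.send("vif1.0", a, BROADCAST, "ARP who-has B")  # flooded to all ports
    br.send("vif2.0", b, a, "ARP reply")              # A is learned: unicast
    br.send("vif1.0", a, b, "TCP A->B")               # B is learned: unicast
    br.send("vif1.0", a, c, "first frame to C")       # C not learned: flooded
    return br.seen


if __name__ == "__main__":
    # A sniffer on vif3.0 sees the broadcast and the flooded frame,
    # but not the unicast conversation between A and B.
    for port, frames in demo().items():
        print(port, [note for _, _, note in frames])
```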