虚机通信抓包方法

Jneee 于 2020-05-06 发布

同个子网内ping虚机

[root@host-10-0-0-107 ~]# nohup ping 10.0.0.17 &

查看虚机id

nova list --all-te|grep 10.0.0.17
8851611c-b34d-4f90-8670-273fe1e9dec3

通过VM id 查找物理机信息

nova show 8851611c-b34d-4f90-8670-273fe1e9dec3
| OS-EXT-SRV-ATTR:hypervisor_hostname  | 68569C29-D21D-B211-BB45-0018E1C5D866

通过host id 查找host信息

5F0B42C1-EFD0-C685-E811-16AD2A2D1793:/home/fsp # cps host-list |grep 68569C29-D21D-B211-BB45-0018E1C5D866
| 68569C29-D21D-B211-BB45-0018E1C5D866 | BC11HGSA0      | blockstorage-driver-kvm002,     | normal | 172.29.0.5  | 6.27.73.154 | 68569C29-D21D-B211-BB45-0018E1C5D866 |

Host 节点

网桥相关

查看虚机网卡信息,得到mac地址

5F0B42C1-EFD0-C685-E811-16AD2A2D1793:/home/fsp # nova interface-list 8851611c-b34d-4f90-8670-273fe1e9dec3
+------------+--------------------------------------+--------------------------------------+--------------+-------------------+
| Port State | Port ID                              | Net ID                               | IP addresses | MAC Addr          |
+------------+--------------------------------------+--------------------------------------+--------------+-------------------+
| ACTIVE     | 81e4a23a-4053-40ce-9044-4edbe385b791 | bef86639-5fee-45a3-8db5-0b20b6363ba2 | 10.0.0.17    | fa:16:3e:29:fb:13 |
+------------+--------------------------------------+--------------------------------------+--------------+-------------------+

这里得到的port id 还要neutron show 一下

68569C29-D21D-B211-BB45-0018E1C5D866:/home/fsp # neutron port-show 81e4a23a-4053-40ce-9044-4edbe385b791
+-----------------------+----------------------------------------------------------------------------------+
| Field                 | Value                                                                            |
+-----------------------+----------------------------------------------------------------------------------+
| admin_state_up        | True                                                                             |
| alias_id              | cell1:1c65142e-2a4f-4664-b702-2176122a2ea4                                       |

查看对应的qbr网桥、ply网桥信息。可以看到qvm对应ply网桥的端口1,pvi端口2

68569C29-D21D-B211-BB45-0018E1C5D866:/home/fsp # brctl show |grep 1c65
qbr1c65142e-2a		8000.4e62113fce3a	no		qvm1c65142e-2a
							tap1c65142e-2a

68569C29-D21D-B211-BB45-0018E1C5D866:/home/fsp # ovs-ofctl show ply1c65142e-2a
OFPT_FEATURES_REPLY (xid=0x2): dpid:0000a69655a66744
n_tables:254, n_buffers:0
capabilities: FLOW_STATS TABLE_STATS PORT_STATS QUEUE_STATS ARP_MATCH_IP
actions: output enqueue ext_action set_vlan_vid set_vlan_pcp strip_vlan mod_dl_src mod_dl_dst mod_nw_src mod_nw_dst mod_nw_tos mod_tp_src mod_tp_dst
 1(qvm1c65142e-2a): addr:4e:62:11:3f:ce:3a
     config:     0
     state:      0
     speed: 0 Mbps now, 0 Mbps max
 2(pvi1c65142e-2a): addr:de:08:69:fc:a6:4a
     config:     0
     state:      0
     speed: 0 Mbps now, 0 Mbps max
 LOCAL(ply1c65142e-2a): addr:a6:96:55:a6:67:44
     config:     0
     state:      0
     speed: 0 Mbps now, 0 Mbps max
OFPT_GET_CONFIG_REPLY (xid=0x4): frags=normal miss_send_len=0

68569C29-D21D-B211-BB45-0018E1C5D866:/home/fsp # ovs-ofctl show br-int |grep 1c65
 71(pvo1c65142e-2a): addr:7a:92:22:ab:2f:17

流量走向:VM1–> qbr06ecf918-e3 –> ply06ecf918-e3 –> br-int –> ply5f7c968a-99 –> qbr5f7c968a-99 –> VM2

通过ovs-appctl fdb/show [br-int]命令查看br-int网桥上的fdb表。ARP是三层转发,FDB是二层转发。目标地址为fa:16:3e:29:fb:13的流量被转发到71端口。

68569C29-D21D-B211-BB45-0018E1C5D866:/home/fsp # ovs-appctl fdb/show br-int |grep fa:16:3e:29:fb:13
   71    15  fa:16:3e:29:fb:13    0

使用tcpdump抓包。-i [设备] ;icmp 指定协议;src/dst 指定源和目的(地址/端口);host [ip] 指定主机地址;port [number] 指定端口。 对tap口进行抓包:

68569C29-D21D-B211-BB45-0018E1C5D866:/home/fsp # ./tcpdump -i tap1c65142e-2a -nne icmp
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on tap1c65142e-2a, link-type EN10MB (Ethernet), capture size 262144 bytes
14:32:10.193922 fa:16:3e:63:28:94 > fa:16:3e:29:fb:13, ethertype IPv4 (0x0800), length 98: 10.0.0.107 > 10.0.0.17: ICMP echo request, id 32629, seq 10762, length 64
14:32:10.194007 fa:16:3e:29:fb:13 > fa:16:3e:63:28:94, ethertype IPv4 (0x0800), length 98: 10.0.0.17 > 10.0.0.107: ICMP echo reply, id 32629, seq 10762, length 64

image

查看ovs网桥信息 ,找到pov1c65。 -C 5表示显示匹配到的上下5行。这一步没什么用啊。

68569C29-D21D-B211-BB45-0018E1C5D866:/home/fsp # ovs-vsctl show |grep 1c65 -C 5
    Bridge "ply1c65142e-2a"
        Port "qvm1c65142e-2a"
            Interface "qvm1c65142e-2a"
        Port "ply1c65142e-2a"
            Interface "ply1c65142e-2a"
        Port "pvi1c65142e-2a"
            Interface "pvi1c65142e-2a"
                options: {peer="pvo1c65142e-2a"}
	Bridge br-int
        Port "pvo1c65142e-2a"
            tag: 15
            Interface "pvo1c65142e-2a"
                type: patch
                options: {peer="pvi1c65142e-2a"}

68569C29-D21D-B211-BB45-0018E1C5D866:/home/fsp # ovs-ofctl show br-int |grep 1c65
 71(pvo1c65142e-2a): addr:7a:92:22:ab:2f:17

名空间

由上面得到的Net id

68569C29-D21D-B211-BB45-0018E1C5D866:/home/fsp # neutron net-list |grep bef86639-5fee-45a3-8db5-0b20b6363ba2
| bef86639-5fee-45a3-8db5-0b20b6363ba2 | subnet-450e                               | 0d67a197-449f-47c2-8ed4-037fd3519644 10.0.0.0/24      |
68569C29-D21D-B211-BB45-0018E1C5D866:/home/fsp # neutron router-list |grep vpc-ipv4
| 3da5aa7d-2dc0-4a49-895d-877e92b39256 | vpc-ipv4          | {"network_id": "85fa82f5-ea84-41ef-884e-b82428719536", "enable_snat": false, "external_fixed_ips": [{"subnet_id": "41acc3d6-5763-45c7-9170-0b830319606b", "ip_address": "::7f00:0:4"}, {"subnet_id": "1c0f7a0a-eedf-47f5-a5ef-a4e1af645ac2", "ip_address": "127.0.0.4"}]}   | True        | False |
68569C29-D21D-B211-BB45-0018E1C5D866:/home/fsp # neutron router-show 3da5aa7d-2dc0-4a49-895d-877e92b39256
+-------------------------+------------------------------------------------------------------------------------------------------------------------------+
| Field                   | Value                                                                                                                        |
+-------------------------+------------------------------------------------------------------------------------------------------------------------------+
| admin_state_up          | True                                                                                                                         |
| availability_zone_hints |                                                                                                                              |
| availability_zones      |                                                                                                                              |
| billing_status          | normal                                                                                                                       |
| created_at              | 2020-04-22T06:59:30                                                                                                          |
| description             |                                                                                                                              |
| distributed             | True                                                                                                                         |
| external_gateway_info   | {"network_id": "85fa82f5-ea84-41ef-884e-b82428719536", "enable_snat": false, "external_fixed_ips": [{"subnet_id":            |
|                         | "41acc3d6-5763-45c7-9170-0b830319606b", "ip_address": "::7f00:0:4"}, {"subnet_id": "1c0f7a0a-eedf-47f5-a5ef-a4e1af645ac2",   |
|                         | "ip_address": "127.0.0.4"}]}                                                                                                 |
| ha                      | False                                                                                                                        |
| id                      | 3da5aa7d-2dc0-4a49-895d-877e92b39256                                                                                         |
| name                    | vpc-ipv4                                                                                                                     |
| order_id                | 20200422065927999548050                                                                                                      |
| product_id              | a4bf364fc6b74f02adc9beb63b6e61bf                                                                                             |
| project_id              | 7e170a2dca7e42f4ae045332aa77fc66                                                                                             |
| routes                  |                                                                                                                              |
| status                  | ACTIVE                                                                                                                       |
| sys_tags                | _sys_enterprise_project_id=0                                                                                                 |
| tags                    |                                                                                                                              |
| task_id                 |                                                                                                                              |
| tenancy                 | 0                                                                                                                            |
| tenant_id               | 7e170a2dca7e42f4ae045332aa77fc66                                                                                             |
| type                    | standard                                                                                                                     |
| updated_at              | 2020-04-22T06:59:30                                                                                                          |
+-------------------------+------------------------------------------------------------------------------------------------------------------------------+

待补充