Proxmox
Here are some random tidbits collected while running Peekaboo atop Proxmox.
By default, network bridges in Linux behave as switches,
i.e. forward traffic only to those member interfaces which need to see it as part of ongoing communication.
If a Peekaboo setup is distributed across multiple VMs,
this may need to be reconfigured so all interested parties get to see all relevant traffic.
In particular, a Cuckoo/CAPEv2 VM running a network sniffer needs to see traffic generated
by the analysis VMs and potentially additional VMs hosting services like inetsim.
This can be accomplished by disabling the MAC cache on the bridge device.
This can be done using brctl setageing vmbrX 0.
In Proxmox's /etc/network/interfaces this can be configured permanently like this:

    auto vmbr1
    iface vmbr1 inet static
        address 192.168.56.1
        netmask 255.255.255.0
        bridge-ports eth1
        bridge-stp off
        bridge-fd 0
        post-up brctl setageing vmbr1 0

Or:

    bridge_setageing vmbr1 0

See also https://forum.proxmox.com/threads/send-mirrored-traffic-into-guest-vm.48002/.
In theory this could further be fine-tuned using bridge fdb functionality.
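
To confirm the setting took effect once the bridge is up, the following added example (not part of the Peekaboo documentation) reads each bridge's ageing_time from sysfs. The SYSFS_NET override and the function names are assumptions of this example.

```shell
#!/bin/sh
# Added example: check that MAC ageing is disabled on the given bridges.
# SYSFS_NET is an assumption of this example; override it to run against a
# constructed directory tree instead of the live /sys/class/net.
SYSFS_NET="${SYSFS_NET:-/sys/class/net}"

# Report the state of one bridge and return:
#   0 = ageing_time is 0 (learned MACs expire at once, frames are flooded)
#   1 = ageing still enabled (bridge behaves as a switch)
#   2 = interface missing or not a bridge
check_bridge_ageing() {
    br="$1"
    f="$SYSFS_NET/$br/bridge/ageing_time"
    if [ ! -r "$f" ]; then
        echo "$br: not found or not a bridge" >&2
        return 2
    fi
    # The kernel reports the value in 1/100 s; the 300 s default reads 30000.
    ageing=$(cat "$f")
    if [ "$ageing" = "0" ]; then
        echo "$br: ageing disabled, sniffer ports see all traffic"
        return 0
    fi
    echo "$br: ageing_time=$ageing (1/100 s), MAC learning still active"
    return 1
}

# Check every bridge passed as an argument; return the number of failures.
check_all() {
    bad=0
    for b in "$@"; do
        check_bridge_ageing "$b" || bad=$((bad + 1))
    done
    return "$bad"
}

# Example run: sh check_ageing.sh vmbr1
if [ "$#" -gt 0 ]; then
    check_all "$@"
    exit $?
fi
```

With ageing at 0 every VM attached to that bridge receives all frames, not only the sniffer, so the check is best limited to the dedicated analysis bridge.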