Re: Fragmented packets

abarakat · ‎02-24-2010

We are trying to use a tool called frel based on fragrouter to test out some security evasion tactics by fragmenting the packets but this does not seem to work on Linux Vmware image running on ESX. I have tried all kinds of things changed MTU on guest os and ESX vswitch, tried all the diffrent adapater types possible flex vmnxt2 3 and E1000. Nothin I have tried is working has anyone run into this for tools like fragrouter or frel? and if so what was if any the solution?

Thanks

Amjad

Texiwill · ‎02-25-2010

Hello,

Moved to the Security Forum.

In general, the vSwitch is NOT the same as a pSwitch. You may need to use something different. Hopefully someone from VMware can comment, it would be interesting if the vSwitch prevents excessive packet fragmentation.

Are you trying to go out to the physical Network?

Best regards,
Edward L. Haletky VMware Communities User Moderator, VMware vExpert 2009

Now Available: 'VMware vSphere(TM) and Virtual Infrastructure Security'[/url]

Also available 'VMWare ESX Server in the Enterprise'[/url]

Blogging: The Virtualization Practice[/url]|Blue Gears[/url]|TechTarget[/url]|Network World[/url]

Podcast: Virtualization Security Round Table Podcast[/url]|Twitter: Texiwll[/url]

--
Edward L. Haletky
vExpert XIV: 2009-2023,
VMTN Community Moderator
vSphere Upgrade Saga: https://www.astroarch.com/blogs
GitHub Repo: https://github.com/Texiwill

abarakat · ‎02-25-2010

I have tried both going out to physical and staying within the vswitch on the same portgroup, my portgroups are usally tagged so I tried without a tag, I have also tried promiscuous mode on both the VM and the Portgroup.

Also I am not seeing any packet loss I am seeing the exact # of packets on both guests but have not compared them exactly one to one maybe I can export the capture from wireshark to ascii and run a diff.

All

Fragmented packets