- VMware Technology Network
- :
- Desktop Hypervisor
- :
- VMware Workstation
- :
- VMware Workstation Pro Discussions
- :
- WS 11.1.2 on Opensue 13.2 - freeze and kernel cras...
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
WS 11.1.2 on Opensue 13.2 - freeze and kernel crash when using nmap and tshark/wireshark in parallel on virtual host device
I run several Win XP SP2 guests for penetration test exercises with VMware WS 11. My host is an Opensuse 13.2 system (kernel version 13.6). The XP guests are connected to a host only network. A virtual host NIC is defined for the virtual bridge - vmnet3.
All types of nmap scans started on the host against the XP guests work as they should. Also, wireshark or tshark can switch vmnet3 into promiscuous mode and track packets that come from the host or other virtual networks and pass through this interface to one of the guests - at least as long as I do not start any nmap scan on the host.
However, as soon as I
- use wireshark/tshark on the host for vmnet3 and
- try in parallel to initiate a nmap scan of one of the XP guest systems (i.e. the scan is started on the host and directed against one of the guests)
this inevitably leads to a total freeze of the host system. journalctl shows:
| kernel: BUG: unable to handle kernel NULL pointer dereference at | (null) |
I tested this on 2 different systems to be sure that there no RAM bug involved. The crash can be reproduced on both systems. I should say that such a behaviour does not occur for KVM bridges and guests. So, it seems to be something that is specific for VMware WS. I should further say that - due to the bug of vmware tools for XP-systems (infinite loop) - VMmware tools were not upgraded from 11.1.0 for my XP guest systems. I have not yet tested whether the kernel bug also occurs for scans of Win 7 guests, but will do so when I find the time.
Any ideas what I should or could do?
Regards
Ralph
Tested for Win 7 guests a minute ago - the same type of crash occurs. A parallel use of nmap against vmware guests and of wireshark on a virtual host device kills the Linux Host!
Would be interesting to know whether anyone has experienced this type of crash also for WS 12 and/or Kernel 4 versions?
Added information, 26.10.2015:
I tried tcpdump to check TCP/IP packets passing the virtual host device vmnet3 on their way to VMware guests. In contrast to tshark this works for whatever type of nmap scan started from the host against a guest ... Really weird ...
Added information, 26.10.2015:
After some advice from the Wireshark people I tested also for KVM/qemu virtual NICs - same problem there. So, this is not an issue specific for VMware WS. Furthermore, I found that using dumpcap leads to the same system freeze and bug message as tshark/wireshark itself. According to the wireshark people dumpcap is internally used to perform packet capturing. Interestingly enough, capturing with tcpdump works without errors both on KVM/qemu and VMware virtual NICs.