Guest LAN Sniffer
Original Publication Date: 2005-Jun-26
Included in the Prior Art Database: 2005-Jun-26
z/VM Guest LAN Sniffer allows for the monitoring and recording of memory-to-memory data transfer within a z/VM Guest LAN or Virtual Switch using both proprietary Linux-based tools such as TCPDUMP and ETHEREAL and native z/VM facilities, TRSOURCE and TRACERED.
Disclosed is an enhancement to z/VM Virtual Networking support which allows the sniffing, monitoring, or recording of network traffic within a z/VM Guest LAN or Virtual Switch (VSWITCH). This paper addresses the problem of debugging network problems in a virtual networking environment. The z/VM Guest LAN and VSWITCH consist of simulated and virtualized networking technology in a software environment with little or no real networking hardware. Therefore, traditional hardware LAN sniffers cannot effectively capture network traffic within the Guest LAN or VSWITCH. The z/VM Guest LAN Sniffer support provides two methods for debugging internal memory-to-memory data transfer: guest promiscuous mode and TRSOURCE TYPE LAN traces.
The guest promiscuous mode method allows a single virtual machine guest to become a network LAN sniffer. The process is twofold and provides a way for Linux virtual machines to monitor and record network traffic using existing tools such as TCPDUMP and ETHEREAL. In order for a guest virtual machine, such as one running the Linux operating system, to participate in a Guest LAN or VSWITCH environment, the guest must be both authorized and coupled to the LAN segment. Similarly, in order for a guest virtual machine to become a promiscuous user, the guest must first be authorized for promiscuous mode. This authorization is accomplished by the system administrator's use of the SET command, the MODIFY statement, or by configuring an External Security Manager (ESM).
Once the guest is authorized for promiscuous mode, the guest must initiate promiscuous mode. The guest can use the CP SET NIC command to turn promiscuous mode on or off at the virtual network interface card (NIC) level. The Linux device driver also supports promiscuous mode, so the guest can initiate promiscuous mode through the device driver using an IOCTL. Once the guest is actively in promiscuous mode, it receives copies of all network traffic on the LAN segment, subject to the other authorizations imposed on the guest. For example, promiscuous mode does not violate any virtual LAN (VLAN) authorization granted to the guest. This helps to ensure network security and integrity. See fig. 1 for an example of promiscuous mode.
Steps to initiate promiscuous mode on a virtual machine:
(Steps 1-2 are performed by the system/LAN administrator)
1. CP DEFINE LAN TEST1 OWNERid SYSTEM RESTRICTED TYPE QDIO IP
2. CP SET LAN TEST1 GRANT LINUX1 PROmiscuous
(Steps 3-5 are performed by the guest)
3. CP DEFINE NIC 500 TYPE QDIO
4. COUPLE 500 to SYSTEM TEST1
5. CP SET NIC 502 PROmiscuous*
*The command is issued by the guest or, equivalently, by the Linux device driver through the IOCTL.
The second method provided by z/VM Guest LAN Sniffer sup...