wget only works when tcpdump is listening

Question

I am running two Virtual Machines over the XEN hypervisor both with Ubuntu trusty (Linaro-Developer version) with the following simple bridge networking setup:

Backend domain (dom0):

br0       Link encap:Ethernet  HWaddr 02:4d:04:41:96:a9  
          inet addr:141.79.67.109  Bcast:141.79.71.255  Mask:255.255.248.0
          inet6 addr: fe80::4d:4ff:fe41:96a9/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:4896629 errors:0 dropped:814 overruns:0 frame:0
          TX packets:1134 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:356819584 (356.8 MB)  TX bytes:277236 (277.2 KB)

eth0      Link encap:Ethernet  HWaddr 02:4d:04:41:96:a9  
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:4906298 errors:0 dropped:0 overruns:0 frame:0
          TX packets:2249 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:430584499 (430.5 MB)  TX bytes:362740 (362.7 KB)
          Interrupt:44 

lo        Link encap:Local Loopback  
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:65536  Metric:1
          RX packets:16 errors:0 dropped:0 overruns:0 frame:0
          TX packets:16 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:1248 (1.2 KB)  TX bytes:1248 (1.2 KB)

vif1.0    Link encap:Ethernet  HWaddr fe:ff:ff:ff:ff:ff  
          inet6 addr: fe80::fcff:ffff:feff:ffff/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:1049 errors:0 dropped:0 overruns:0 frame:0
          TX packets:4767521 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:32 
          RX bytes:66258 (66.2 KB)  TX bytes:416912687 (416.9 MB)

guest domain (domU)

eth0      Link encap:Ethernet  HWaddr 00:16:3e:54:95:f5  
          inet addr:141.79.66.105  Bcast:141.79.71.255  Mask:255.255.248.0
          inet6 addr: fe80::216:3eff:fe54:95f5/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:4879495 errors:0 dropped:815 overruns:0 frame:0
          TX packets:1049 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:358293232 (358.2 MB)  TX bytes:80944 (80.9 KB)

lo        Link encap:Local Loopback  
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:65536  Metric:1
          RX packets:8 errors:0 dropped:0 overruns:0 frame:0
          TX packets:8 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:672 (672.0 B)  TX bytes:672 (672.0 B)

Netwoking in dom0 is working fine (apt-get, wget). Buti n domU i experience a very strange problem: ping works well but apt-get and wget doesn't work.

root@MyUbuntu:~# wget -p http://google.com
--1970-01-01 00:52:49--  http://google.com/
Resolving google.com (google.com)... 129.143.66.27, 129.143.66.29, 129.143.66.30, ...
Connecting to google.com (google.com)|129.143.66.27|:80... connected.
HTTP request sent, awaiting response... No data received.

I install tcpdump on dom0 to debug the problem, running a simple command:

tcpdump -i br0 -n "tcp and src 141.79.66.105"

However, whenever tcpdump is listening wget and apt-get works well:

root@MyUbuntu:~# wget -p http://google.com
--1970-01-01 00:42:27--  http://google.com/
Resolving google.com (google.com)... 129.143.66.45, 129.143.66.49, 129.143.66.53, ...
Connecting to google.com (google.com)|129.143.66.45|:80... connected.
HTTP request sent, awaiting response... 302 Found
Location: http://www.google.de/?gfe_rd=cr&ei=qJIzVs3qJqSh8wfLma_QCw [following]
--1970-01-01 00:42:27--  http://www.google.de/?gfe_rd=cr&ei=qJIzVs3qJqSh8wfLma_QCw
Resolving www.google.de (www.google.de)... 129.143.66.38, 129.143.66.42, 129.143.66.44, ...
Reusing existing connection to google.com:80.
HTTP request sent, awaiting response... 200 OK
Length: unspecified [text/html]
Saving to: 'google.com/index.html'

    [ <=>                                   ] 19,468      --.-K/s   in 0.003s  

1970-01-01 00:42:27 (5.84 MB/s) - 'google.com/index.html' saved [19468]

FINISHED --1970-01-01 00:42:27--
Total wall clock time: 0.09s
Downloaded: 1 files, 19K in 0.003s (5.84 MB/s)

Does tcpdump open any port allowing the traffic to go through ? Any help is much appreciated.Thank you.

score 3 · Accepted Answer · answered Oct 30 '15 at 20:02

3

When you start tcpdump it places the interface in promiscuous mode. That might be what is allowing the data to reach domU while tcpdump is active.

You could test that theory by adding --no-promiscuous-mode to the tcpdump command. Or by manually setting the interface to promiscuous mode.

Not sure how that helps to resolve the actual issue though.

answered Oct 30 '15 at 20:02

Bram

1,121
6
9

Uhm you are right. I wonder what is wrong with my bridge network in the first place. Do you have any suggestion ? – Tran Ngu Dang Nov 05 '15 at 12:56

score 0 · Answer 2 · answered Oct 30 '15 at 23:47

0

When bridging, the physical interface must be in promiscuous mode. This is so that packets addressed to the bridge and virtual interfaces can be seen and forwarded.

Solution is to ensure that your eth0 is configured with "promisc" enabled.

answered Oct 30 '15 at 23:47

roaima

1,591
14
28

wget only works when tcpdump is listening

2 Answers2