Tag: virtualbox

  • Understanding VirtualBox Internal Network Adapters

    When you create an “Internal Network” in VirtualBox, three things happen.

    1. A virtual network card is created for the virtual machine.
    2. A software switch is created.
    3. A network cable connects the switch and network card together.

    Think of it like the image below. A virtual switch works just like a real layer 2 switch. You can connect multiple virtual machines to one switch, or create additional switches, each with their own connected VMs.

    You can see I created a switch with the name of “mynetwork”. You attach any other VMs to the same switch by using the same name. Ensure the spelling is correct or you’ll be creating a different switch.

    To find the interface, compare the MAC addresses. In VirtualBox, my adapter MAC is 0800279424E8.

    In your Linux VM, run the command ip link. You can see the interface called “enp0s3” has that MAC address.

    owner@host:~$ ip link
    1: lo: <LOOPBACK, UP, LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
        link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    2: enp0s3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc FQ_CODEL state up mode DEFAULT group default qlen 1000
        link/ether 08:00:27:94:24:e8 brd ff:ff:ff:ff:ff:ff
    owner@host:~$

    enp0s3 is the interface where you would assign an IP address.
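
The MAC comparison above can be scripted, which helps when a VM has several adapters. This is an added example, not code from the original post: the function names are hypothetical, and the sample input is constructed (the second adapter, enp0s8, and its MAC are made up).

```bash
#!/usr/bin/env bash
# Added example (not from the original post): map the MAC shown in the
# VirtualBox adapter settings to the guest's interface name.

# VirtualBox shows 0800279424E8; `ip link` prints 08:00:27:94:24:e8.
normalize_mac() {
    local hex
    hex=$(printf '%s' "$1" | tr -d ':.-' | tr 'A-F' 'a-f')
    case "$hex" in *[!0-9a-f]*) return 1 ;; esac   # non-hex characters
    [ "${#hex}" -eq 12 ] || return 1               # must be 48 bits
    printf '%s\n' "$hex" | sed 's/../&:/g; s/:$//'
}

# Reads `ip -o link` output on stdin, prints the interface whose
# link/ether address equals the given MAC. Exit 1 if none, 2 if bad MAC.
find_iface_by_mac() {
    local mac
    mac=$(normalize_mac "$1") || { echo "invalid MAC: $1" >&2; return 2; }
    awk -v mac="$mac" '
        {
            for (i = 1; i < NF; i++)
                if ($i == "link/ether" && $(i + 1) == mac) {
                    name = $2
                    sub(/:$/, "", name)    # "enp0s3:" -> "enp0s3"
                    sub(/@.*/, "", name)   # drop "@parent" suffix
                    print name
                    found = 1
                }
        }
        END { exit (found ? 0 : 1) }'
}

# Constructed sample of `ip -o link` output; enp0s8 and its MAC are made up.
SAMPLE_IP_LINK='1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000\    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: enp0s3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP mode DEFAULT group default qlen 1000\    link/ether 08:00:27:94:24:e8 brd ff:ff:ff:ff:ff:ff
3: enp0s8: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP mode DEFAULT group default qlen 1000\    link/ether 08:00:27:aa:bb:cc brd ff:ff:ff:ff:ff:ff'

# On a live VM: ip -o link | find_iface_by_mac 0800279424E8
printf '%s\n' "$SAMPLE_IP_LINK" | find_iface_by_mac 0800279424E8
```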

    Pro Tip:

    A physical network card has a hardware MAC filter. Your network card only accepts frames addressed to its own MAC address, broadcasts, and multicasts it subscribes to. Any other frame it sees on the wire gets dropped. In VirtualBox this is “deny all” under promiscuous mode, which is the default. This is correct and how a network should operate.


    In certain situations, you may need to turn off this hardware MAC filter. In VirtualBox, you would set promiscuous mode to “Allow All”. Now when your virtual network card sees a frame on the wire from the switch, it will send it up the stack without filtering it.

    Examples:

    VXLAN tunnel endpoints (VTEPs) accept frames for devices across the network. The destination MAC won’t match the VTEP, so unless you set “Allow All” your network card will drop the frame.

    Packet sniffing with Wireshark for traffic not destined to your own system.