VirtualBox - Can't ping guests

Data that travels over the air and how to protect (or decipher) it

VirtualBox - Can't ping guests

Post by ampakine on Fri Jun 17, 2011 5:33 pm
([msg=58662]see VirtualBox - Can't ping guests[/msg])

I installed a Windows 7 guest on my Ubuntu host and initially it was on its own subnet (10.0.2.15) so I went into Settings > Network then changed NAT to Bridged Adapter so now the guest seems to be on the same subnet as the host (it has the IP 192.168.1.13 and my host is 192.168.1.17) and I can ping the host from the guest but when I try to ping the guest from the host it doesn't detect any live host on 192.168.1.13. I tried port scanning it with nmap too but nmap couldn't detect it. I followed this tutorial:
http://riethorst.net/phpmyfaq/index.php ... artlang=en
and according to that tutorial I should be able to detect the Windows 7 guest on my LAN now but 192.168.1.13 isn't responding to pings or any nmap scans. Does that mean its not actually on the same subnet?
ampakine
Experienced User
Experienced User
 
Posts: 65
Joined: Tue May 31, 2011 5:21 pm
Blog: View Blog (0)


Re: VirtualBox - Can't ping guests

Post by Vulpine on Fri Jun 17, 2011 5:41 pm
([msg=58663]see Re: VirtualBox - Can't ping guests[/msg])

Disable Windows Firewall. It's generally enabled by default.
User avatar
Vulpine
Poster
Poster
 
Posts: 381
Joined: Fri Mar 26, 2010 11:14 pm
Blog: View Blog (0)


Re: VirtualBox - Can't ping guests

Post by Goatboy on Fri Jun 17, 2011 7:02 pm
([msg=58666]see Re: VirtualBox - Can't ping guests[/msg])

Vulpine wrote:Disable Windows Firewall. It's generally enabled by default.


This. I cannot tell you how many times we had people fuck up in our "hacking" (read: entry-level security of 10 years ago) course because of this.
Assume that everything I say is or could be a lie.
1UHQ15HqBRZFykqx7mKHpYroxanLjJcUk
User avatar
Goatboy
Expert
Expert
 
Posts: 2752
Joined: Mon Jul 07, 2008 9:35 pm
Blog: View Blog (0)


Re: VirtualBox - Can't ping guests

Post by ampakine on Sat Jun 18, 2011 10:10 am
([msg=58690]see Re: VirtualBox - Can't ping guests[/msg])

I figured out what was wrong. I had previously when into ICMP filtering in firestarters preferences and unchecked the box that said "Allow echo replies (pong)" thinking that this meant it would stop my computer from replying to pings from other computers on the network (in order to make myself invisible to ping sweeps) but it seems what it actually did was blocked replies from computers I was pinging lol. So this thread isn't a complete waste of webspace I'll post what lead me to figure out what was wrong so maybe someone might find it educational. I posted this on another forum:

lmarmisa: I didn't configure the firewall at all, I literally installed the Windows 7 guest, got it onto my subnet then tried pinging it. I can't imagine Win7 blocking pings by default. I'll check though.

emiller12345: heres what happened when I ran that command:
Code: Select all
$ arping -I eth0 -c 1 192.168.1.13
WARNING: interface is ignored: Operation not permitted
ARPING 192.168.1.13 from 192.168.1.17 eth0
Unicast reply from 192.168.1.13 [08:00:27:30:66:93]  0.982ms
Sent 1 probes (1 broadcast(s))
Received 1 response(s)
so its responding to ARP but not ICMP? I'm watching what wireshark captures when I ping 192.168.1.3 and plenty of these come up:
Image

I don't know too much about TCP/IP so I don't know what to make of it but wireshark is picking up plenty of packets coming from 192.168.1.13. Loads of SSDP packets what ever they are. Strangely enough wireshark captures packets from 2 other IP's 192.168.1.3 and 192.168.1.12, they might be the other laptops in the house but when I do a ping sweep with fping the only live host it identifies is me.

EDIT: I installed wireshark on the windows host and pinged it and heres what it sniffed:
Image
so it is receiving to the pings and responding to them. Would I be right in assuming it has to be the ubuntu host thats ignoring the pings? Ah **** now I remember, I configured firestarter to not allow "Echo reply (pong)" in ICMP filtering, I thought that meant it would stop my computer from replying to pings in order to make myself invisible to ping sweeps. Instead it was blocking replies from computers I ping. That was pretty stupid on my part lol.

A quick side question: I notice that the windows guest has a different MAC address to my ethernet cards MAC address. Do VM's use virtual network interfaces or something?



Goatboy wrote:
Vulpine wrote:Disable Windows Firewall. It's generally enabled by default.


This. I cannot tell you how many times we had people fuck up in our "hacking" (read: entry-level security of 10 years ago) course because of this.

I thought it was unlikely that a built in Windows firewall would block pings by default but not only was I right,
I did a port scan on the Win7 guest and found 8 open ports and heres what it found:
Image
7 ports open by default. Wireshark is capturing plenty of SSDP packets headed for external IP's. I dunno what that means but I don't like it. I did a port scan on my router and noticed an msnp port open. Besides an XBox 360 which the routers firewall won't even let connect to XBox live, the only windows computer on the LAN is the Win7 guest so would I be right in assuming the guest opened this port up?
ampakine
Experienced User
Experienced User
 
Posts: 65
Joined: Tue May 31, 2011 5:21 pm
Blog: View Blog (0)



Return to Networking

Who is online

Users browsing this forum: No registered users and 0 guests