peered VPC connection configuration and netcat testing

0

Hi - I have been playing around with AWS for the last few weeks but cannot get something working - I'd be grateful if someone could tell me what I am doing wrong. I am trying to set up a "listening" Ubuntu server in its own VPC, sat on a private subnet of 192.168.2.0/24, and have a "sending" server in another VPC on a private subnet of 192.168.1.0/24. The VPCs have a peering connection and a route in each VPC route table to the other subnet over the peer. I have set variables on the sending server for SOURCE, DEST and PORT and am running:

nc -u -q0 -s "${SOURCE}" "${DEST}" "${PORT}" <<< 'hello'

The receiver is running:

nc -v -b -u -l -k -p 4321 | tee /netcat/logs/netcat-output-ipv4.log

The message is received and written to the log. However, as the listener is bound on 0.0.0.0, I was hoping that I could change the DEST on the sending server to another IP in the same subnet and have the receiver also log that message.

This bit doesn't work and I was wondering if anyone could tell me A) if this is possible and B) how I can get it working? I do not want to assign a secondary NIC or IP to either server. My security groups allow all traffic on all ports. Thanks in advance, everyone!

3 Answers
0

Not sure if I completely follow the piece that you are wanting to do, but I will try.

On the server side, when the process is listening on 0.0.0.0 that means it is listening on any IP that is configured on any NIC in the host. (i.e. the loopback address, link-local addresses, IPv4 and IPv6 addresses on the NICs on that instance.)

It sounds to me like you are wanting the process to listen on all IPs in the VPC? (This is the part I am not clear on.) This is not what listening on 0.0.0.0 on the local host represents. To change the DEST on the client and have it arrive on the server, you have to add the new DEST IP to the server, either as an additional IP on one of the existing NICs or as an additional NIC attached to the server.

I hope that I am following what you are wanting to do correctly.

AWS
EXPERT
iBehr
answered 10 months ago
0

A NetCat server listening on a particular port and 0.0.0.0 does not mean that now I can see into all communication in the subnet for that port. Usually, on an instance, packets are dropped if the destination IP of the incoming packet is not the instance's own IP, so it will log only those packets coming with the destination as your server IP. Networking devices like a firewall can do this (listen to traffic which isn't destined to them), but for that other features need to be enabled.

AWS
PK
answered 10 months ago
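To make the two answers above concrete, here is a small added example (written for this page, not code from either answerer) that reproduces the asker's nc pair with plain Python UDP sockets: a listener bound to 0.0.0.0 on an ephemeral port, and a sender that addresses one datagram to 127.0.0.1 (an address configured on the host) and one to 192.0.2.10 (an RFC 5737 documentation address, assumed here as a stand-in for "another IP in the same subnet" that is not configured on this host). The first datagram is delivered because 0.0.0.0 covers every address the host itself owns; the second never reaches the listener because the kernel either has no route for it or sends it off toward the default gateway, which is the drop rule PK describes.

```python
import socket

# Port from the question; the demo below uses an ephemeral port instead so it
# can run on any machine without colliding with a real nc listener.
NC_LISTEN_PORT = 4321

# Assumed, non-local address: RFC 5737 TEST-NET-1, never configured on this host.
NOT_LOCAL_IP = "192.0.2.10"


def start_listener(port=0, timeout=0.5):
    """Equivalent of `nc -u -l` without `-b <addr>`: bind to every local address."""
    rx = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    rx.bind(("0.0.0.0", port))  # wildcard = any address this host owns, not the subnet
    rx.settimeout(timeout)
    return rx


def delivered(listener, dest_ip, payload=b"hello"):
    """Send one datagram to dest_ip on the listener's port and report whether the
    0.0.0.0 listener actually received it (the asker's `nc -u DEST PORT <<< hello`)."""
    port = listener.getsockname()[1]
    tx = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    try:
        tx.sendto(payload, (dest_ip, port))
    except OSError:
        # No route at all (e.g. "Network is unreachable"): the kernel refused to
        # send, so the listener certainly saw nothing.
        return False
    finally:
        tx.close()
    try:
        data, _src = listener.recvfrom(2048)
    except socket.timeout:
        # Datagram left the host (or was dropped) and was never delivered locally.
        return False
    return data == payload


def run_demo():
    """Return {dest_ip: delivered?} for a local and a non-local destination."""
    rx = start_listener()
    try:
        return {
            "127.0.0.1": delivered(rx, "127.0.0.1"),   # local address -> received
            NOT_LOCAL_IP: delivered(rx, NOT_LOCAL_IP),  # not ours -> never received
        }
    finally:
        rx.close()


if __name__ == "__main__":
    for ip, ok in run_demo().items():
        print(f"datagram to {ip}: {'received by 0.0.0.0 listener' if ok else 'not received'}")
```

On the EC2 listener, substituting an unused address from 192.168.2.0/24 for 192.0.2.10 gives the same result: the datagram is routed out through the VPC rather than handed to the socket. The only ways to make it deliver are the ones the answers name: put that address on the instance (a secondary private IP or an extra ENI), as iBehr says, or capture the traffic out of band.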
0

It sounds like you're trying to "sniff" or "snoop" on all traffic in the VPC. That's not supported - the underlying VPC network does not allow that to happen; instances only receive traffic which is sent directly to them. While the VPC network looks like Ethernet, it is an overlay network that emulates most of the Ethernet semantics. For more information about this (if you're interested) definitely watch this YouTube video.

That said, if you do want to do packet sniffing, VPC traffic mirroring might be the answer. That said, it's unclear why you want to do this - there might be other better solutions depending on your use case.

AWS
EXPERT
answered 10 months ago
