[SOLVED] Find corresponding VM

martijnk

May 4, 2020
Hi,

Some customer runs a DHCP server on my network. I want to find the VM which is running this. I have the IP and MAC address of the DHCP server but I can't relate this to any VM, so I suspect it must be running in a Docker container or something. I'm running both KVMs and LXC containers.

So the question is, how do I find the VM/container doing this?
 
Hmm - if the MAC address is not configured on any of your guests (VM or container) you should still be able to see it in the forwarding table and find out where it's connected:
* `bridge fdb show | grep -i aa:aa:aa:aa:aa` (replace aa:aa:aa:aa:aa with the actual MAC address of the DHCP server)

This should yield the interface where this MAC was seen (only if there have been packets sent with this MAC recently), e.g. `tap111i0` - with that you can decode the guest ID (111 in that case).

I hope this helps!
 
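The lookup described in the answer above, as an added shell example that is not part of the original posts: it reads `bridge fdb show` output on stdin and decodes the guest ID from each port the MAC was learned on. Only `tap111i0` comes from the thread; the `veth<id>i<n>` (container) and `fwpr`/`fwln` (firewall bridge) name patterns, the function names and the sample table are assumptions added here.

```shell
#!/bin/sh
# Real use on the host:  bridge fdb show | find_guest <mac-of-dhcp-server>

# guest_from_iface IFACE -> prints "<kind> <guest-id>", or "other <iface>"
guest_from_iface() {
    case "$1" in
        tap[0-9]*i[0-9]*)  kind=qemu ;;  # KVM guest NIC, e.g. tap111i0 (from the thread)
        veth[0-9]*i[0-9]*) kind=lxc ;;   # assumption: LXC container NIC naming
        fwpr[0-9]*p[0-9]*|fwln[0-9]*i[0-9]*) kind=fw ;;  # assumption: per-guest firewall bridge ports
        *) echo "other $1"; return 0 ;;  # not a guest port, e.g. the physical uplink
    esac
    # The guest ID is the first run of digits after the alphabetic prefix.
    id=$(printf '%s\n' "$1" | sed 's/^[a-z]*\([0-9][0-9]*\).*/\1/')
    echo "$kind $id"
}

# find_guest MAC -> one line per port the MAC was learned on; returns 1 if the
# MAC is not in the table (entries age out when the station stays silent).
find_guest() {
    mac=$(printf '%s' "$1" | tr 'A-F' 'a-f')
    # Field 1 is the MAC; the word following "dev" is the bridge port.
    ifaces=$(awk -v mac="$mac" '
        tolower($1) == mac {
            for (i = 2; i < NF; i++) if ($i == "dev") print $(i + 1)
        }' | sort -u)
    [ -n "$ifaces" ] || { echo "not-seen"; return 1; }
    for ifc in $ifaces; do guest_from_iface "$ifc"; done
}

# Constructed sample of `bridge fdb show` output (not captured from a real host).
SAMPLE_FDB='52:54:00:12:34:56 dev tap111i0 master fwbr111i0
52:54:00:12:34:56 dev fwpr111p0 master vmbr0
de:ad:be:ef:00:01 dev veth205i0 master vmbr0
00:11:22:33:44:55 dev eno1 master vmbr0
33:33:00:00:00:01 dev eno1 self permanent'

# Demo: the first MAC resolves to guest 111 on both of its ports.
printf '%s\n' "$SAMPLE_FDB" | find_guest 52:54:00:12:34:56
```

A result of `other <iface>` on the uplink port means the MAC is reached through the physical network, so the station is not a guest on this node.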
> Hmm - if the MAC address is not configured on any of your guests (VM or container) you should still be able to see it in the forwarding table and find out where it's connected:
> * `bridge fdb show | grep -i aa:aa:aa:aa:aa` (replace aa:aa:aa:aa:aa with the actual MAC address of the DHCP server)
>
> This should yield the interface where this MAC was seen (only if there have been packets sent with this MAC recently), e.g. `tap111i0` - with that you can decode the guest ID (111 in that case).
>
> I hope this helps!

That helped a lot, I instantly found the machine.

Thanks! I will document this command :)
 
Glad that helped :)

Please mark the thread as 'SOLVED' - in case someone else runs into such an issue, they'll know directly that a solution might be waiting for them in this thread.

Thanks!