[SOLVED] Find corresponding VM

[martijnk]

Hi,

Some customer runs a DHCP server on my network. I want to find the VM which is running this. I have the IP and Mac address of the DHCP server but I can't relate this to any VM, so I suspect it must be running in a docker container or something. I'm running both KVMs and LXC containers.

So question is, how do I find the VM/Container doing this?

 

[Stoiko Ivanov]

hmm - if the mac-address is not configured on any of your guests (vm or container) you should still be able to see it in the forwarding table and find out where it's connected:
* `bridge fdb show |grep -i aa:aa:aa:aa:aa` (replace aa:aa:aa:aa:aa with the actual mac-address of the dhcp server)
this should yield the interface where this mac was seen (only if there have been packets sent with this mac recently)
e.g. `tap111i0` - with that you can decode the guest-id (111 in that case)

I hope this helps!

 

[martijnk]

hmm - if the mac-address is not configured on any of your guests (vm or container) you should still be able to see it in the forwarding table and find out where it's connected:
* `bridge fdb show |grep -i aa:aa:aa:aa:aa` (replace aa:aa:aa:aa:aa with the actual mac-address of the dhcp server)
this should yield the interface where this mac was seen (only if there have been packets sent with this mac recently)
e.g. `tap111i0` - with that you can decode the guest-id (111 in that case)

I hope this helps!

That helped a lot, I instantly found the machine.

Thanks! I will document this command

 

[Stoiko Ivanov]

Glad that helped

Please mark the thread as 'SOLVED' - In case someone else runs into such an issue - they'll know directly that a solution might be waiting for them in this thread.

Thanks!