Networking – How does bridged networking work in Virtualbox


How does bridged networking work?

I have looked through the VirtualBox manuals but nothing extremely technical came up (It was just a generic gloss over of the topic).

  • How does it assign a different IP to the virtual machine but uses the
    same network card?
  • Why does this different IP (I found using ip addr under linux) not show up under the "attached devices section" of my router but I can port forward to it?
  • How come if I connect to a password protected WiFi network, it does not require me to enter my password?
  • Is this multihoming?

Best Answer

From the VirtualBox manual Chapter 6 of Virtual networking, section Bridged networking :

With bridged networking, VirtualBox uses a device driver on your host system that filters data from your physical network adapter. This driver is therefore called a "net filter" driver. This allows VirtualBox to intercept data from the physical network and inject data into it, effectively creating a new network interface in software. When a guest is using such a new software interface, it looks to the host system as though the guest were physically connected to the interface using a network cable: the host can send data to the guest through that interface and receive data from it. This means that you can set up routing or bridging between the guest and the rest of your network.

From Wikipedia Bridging (networking) :

A network bridge is a network device that connects more than one network segment. In the OSI model, bridging acts in the first two layers, below the network layer.

I have no personal knowledge working at these networking levels, but from the above it seems to me that VirtualBox and other virtual managers use system drivers to inject packages into the network and pretend to be a physical adapter.

As all packages are sent to all the network, each device reading only the packages that are marked with its address (unless sniffing), the virtual driver just injects packages with its own virtual MAC address and responds to packages that are destined to that MAC address, even though physically no such adapter exists.

This is done at a low enough level of the networking model, so that the host will not react to these messages on the higher levels, since they are stamped with a different MAC address than that of the host.

This is exactly the same technique as used by hackers for Spoofing attacks using IP address spoofing.

The virtual MAC address is invented by the virtual machine manager, or can be specified or changed at any time. It can be any legal MAC address that doesn't duplicate that of some other device on the local network.

The IP address is allocated to that virtual adapter by the DHCP server, which is usually the router, just as it does for any other physical device.

The reason that you can connect to a password protected WiFi network without entering the password is more puzzling, but I conjecture that the VirtualBox driver found and used the token that was returned to the host when it logged on to the network. This will also explain why it does not show up under the "Attached devices section" of your router, because it never formally attached itself to the network. Forwarding still works because the router just re-sends the package to the forwarded address and the VirtualBox driver answers.

Finally, this is not multihoming, which is one computer running one operating system that has multiple IP addresses via multiple adapters, all of them known to this one OS.

For more information, see the Wikipedia article about the OSI model, and especially regarding the OSI layers.