Windows on VirtualBox on CentOS using RDP

  • Installing kernel-devel was recommended by several pages, so I just did it.

sudo yum install kernel-devel

Install VirtualBox and extension pack

  • Get repo
    cd /etc/yum.repos.d
    sudo wget
  • You can set enabled to 0 in the repo file when you don't need this repo.

  • Install VirtualBox and extension pack.
    sudo yum install VirtualBox-5.0
    wget$(vboxmanage -v | cut -d'r' -f 1)/Oracle_VM_VirtualBox_Extension_Pack-$(vboxmanage -v | cut -d'r' -f 1)-$(vboxmanage -v | cut -d'r' -f 2).vbox-extpack
    sudo vboxmanage extpack install ./Oracle_VM_VirtualBox_Extension_Pack-$(vboxmanage -v | cut -d'r' -f 1)-$(vboxmanage -v | cut -d'r' -f 2).vbox-extpack

Create VM

  • If you have an ova file, import it into VirtualBox

vboxmanage import OVA_FILE_PATH

  • If you have an iso file
    • To get ostypes: vboxmanage list ostypes | grep -i window | grep ID
    • Assume you have a VMNAME variable, such as: export VMNAME=win10
    • Create VM: vboxmanage createvm --name $VMNAME --ostype Windows10_64 --register
    • Configure memory, ACPI, boot device and NIC: vboxmanage modifyvm $VMNAME --memory 1024 --acpi on --boot1 dvd --nic1 nat
    • Create HDD (double quotes so that $VMNAME is expanded): vboxmanage createhd --filename "$VMNAME.vdi" --size 10240
    • Add IDE controller: vboxmanage storagectl $VMNAME --name 'ide ctrl' --add ide --controller PIIX4
    • Attach HDD: vboxmanage storageattach $VMNAME --storagectl 'ide ctrl' --port 0 --device 0 --type hdd --medium ./$VMNAME.vdi
    • Attach ISO file as DVD drive: vboxmanage storageattach $VMNAME --storagectl 'ide ctrl' --port 0 --device 1 --type dvddrive --medium PATH_TO_ISO_FILE

Set VRDE mode

vboxmanage modifyvm $VMNAME --vrde on

Start VM

vboxmanage startvm --type headless $VMNAME

Check if RDP is listening on port 3389

netstat -ntl | grep 3389
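
The grep above also matches ports such as 33890 and does not show whether the listener is reachable from other hosts. As an added example (not from the original post), this shell function reads netstat -ntl output and reports whether a listener on the exact port is bound to loopback or to a network-reachable address; the names vrde_listeners and sample_netstat and the sample lines are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: classify listeners on the VRDE port from `netstat -ntl` output.
# Prints "<scope> <local address>" per listener on the exact port, where scope
# is "loopback" or "network" (wildcard or a specific interface address).
# Exit status: 0 = loopback only, 1 = network-reachable, 2 = no listener.
vrde_listeners() {
    awk -v port="${1:-3389}" '
        $6 != "LISTEN" { next }            # skip headers and non-listening rows
        {
            la = $4                        # "Local Address" column, addr:port
            n = split(la, parts, ":")
            p = parts[n]                   # port is the text after the last colon
            if (p != port) next            # exact match: 33890 is not 3389
            addr = substr(la, 1, length(la) - length(p) - 1)
            found = 1
            if (addr ~ /^127\./ || addr == "::1") {
                print "loopback " la
            } else {
                exposed = 1                # 0.0.0.0, :: or an interface address
                print "network " la
            }
        }
        END {
            if (!found) exit 2
            if (exposed) exit 1
            exit 0
        }
    '
}

# Constructed sample input (not captured from a real host).
sample_netstat() {
    cat <<'EOF'
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:33890         0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:3389            0.0.0.0:*               LISTEN
tcp6       0      0 :::3389                 :::*                    LISTEN
EOF
}

# On a real host: netstat -ntl | vrde_listeners 3389
sample_netstat | vrde_listeners 3389 || echo "exit status: $?"
```

VirtualBox's VRDE authentication type defaults to null (no authentication), so a network-reachable listener can be limited with vboxmanage modifyvm $VMNAME --vrdeaddress 127.0.0.1 or protected with --vrdeauthtype external, set while the VM is powered off.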

Run Client to get screen.

  • I downloaded Parallels Client from the App Store for my OS X, which works perfectly.




Remember to turn off TSO and GSO

Before you start capturing packets to troubleshoot, remember to turn off TSO and GSO. Segmentation offloading lets your NIC deal with packet processing, such as packet fragmentation and retransmission. This is generally good, but it hides your real packet transmission. On Linux, you can disable these features by executing the command below, where INTERFACE is the network interface you capture on.

ethtool -K INTERFACE tso off gso off

Capture TCP packets to a host:port

tcpdump -i INTERFACE -s 0 -vv -nn "tcp and host HOST and port 443"

  • -s 0: do not truncate packets

Capture TCP packets of a subnet

tcpdump -i INTERFACE -s 0 -vv -nn "tcp and net SUBNET"

Capture UDP packets with specific bytes

tcpdump -i INTERFACE -s 0 -vv -nn "udp[10:4] = 0x01020304"

Filter a tcpdump file into another file

tcpdump -r INPUT_FILE -w OUTPUT_FILE "tcp and port 8080"