Repository : ssh://git@open-mesh.org/doc
On branches: backup-redmine/2019-11-07,master
commit aca8ccf33c89395edb873f4d24ef4b85d0088dac
Author: Sven Eckelmann sven@narfation.org
Date: Sun Oct 27 12:38:01 2019 +0000
doc: open-mesh/Analyzing_virtual_network_packets
aca8ccf33c89395edb873f4d24ef4b85d0088dac
open-mesh/Analyzing_virtual_network_packets.textile | 19 +++++++++++++++++++
1 file changed, 19 insertions(+)
diff --git a/open-mesh/Analyzing_virtual_network_packets.textile b/open-mesh/Analyzing_virtual_network_packets.textile new file mode 100644 index 0000000..a6dcdbd --- /dev/null +++ b/open-mesh/Analyzing_virtual_network_packets.textile @@ -0,0 +1,19 @@ +h1. Analyzing interconnect packets + +h2. Wireshark + +The easiest way to get the traffic of a virtual machine is via the tap interfaces. It is recommended to use the newest wireshark version (git master branch) to get support for batman-adv's packet format. Wireshark can then be started manually on a specific tap interface: + +<pre> +wireshark -k -i tap1 +</pre> + +h2. View traffic via wireshark from virtual machine + +It is not always possible to use the tap interface because either the packets are filtered somewhere in the path from/to the virtual machine. Or sometimes the packets are not even supposed to leave the virtual machine (for example with veth or hwsim). But is it also possible to start tcpdump inside the virtual machine via ssh and send the captured data to a local fifo (named pipe) on the host machine. Wireshark can read from the pipe and show the captured data + +<pre> +mkfifo remote-dump +ssh root@192.168.251.51 'tcpdump -i enp0s1 -s 0 -U -n -w - "port not 22"' > remote-dump +wireshark -k -i remote-dump +</pre> \ No newline at end of file
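Review bot: In the last pre block the three commands cannot be run as listed from a single shell. The redirection in `ssh root@192.168.251.51 '...' > remote-dump` blocks on opening the fifo until a reader attaches, and ssh then stays in the foreground for the whole capture, so `wireshark -k -i remote-dump` is never reached. Either end the ssh line with `&` or state that wireshark is started from a second terminal. The text should also say why the capture filter is `"port not 22"` (it keeps the SSH session that carries the capture out of the capture itself) and that `enp0s1` and the address are examples to adapt. In the paragraph above the block, "But is it also possible" should read "But it is also possible", the "because either ... Or sometimes" sentence is split in two, and the last sentence lacks its period. The file also ends without a trailing newline.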