[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: [libvirt-users] unable to dissect libvirt rpc packets using wireshark plugin



On 26.10.2015 11:38, gowrishankar wrote:
> 
> Hi,
> I am trying libvirt plugin in wireshark to dissect RPC payload in TCP, but
> finding dissector code not really working.
> 
> My env is Fedora core 21 (x86_64) and installed packages are as follow:
> 
>     wireshark-1.12.6-1.fc21.x86_64
>     libvirt-wireshark-1.2.9.3-2.fc21.x86_64
> 
> 
> Earlier, just after installation, I noticed libvirt.so available only in
> /usr/lib64/wireshark/plugins/1.12.5/ . Wireshark could not load libvirt
> plugin.

Yes, this is inherently broken. See my patch that I've just proposed:

https://www.redhat.com/archives/libvir-list/2015-October/msg00852.html

> So, I copied above .so into 1.12.6/ under same plugins folder, following it
> wireshark could list libvirt as supported protocol.
> 
>     tshark -G protocols | grep libvirt
>     Libvirt    libvirt    libvirt
> 
> However, on checking with some pcaps which has libvirt RPC calls
> captured on
> wire, wireshark does not list libvirt RPC packets, as I search for
> "libvirt"
> protocol in pcap.

What is the command you're trying? Because if I copy the plugin over to
the correct directory it seems to be working for me.

> 
> Have anyone experienced this before or if you have any pointer that I could
> check in my env, that would be very helpful.
> 

Michal


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]