[libvirt-users] unable to dissect libvirt rpc packets using wireshark plugin

Michal Privoznik mprivozn at redhat.com
Thu Oct 29 12:48:42 UTC 2015


On 26.10.2015 11:38, gowrishankar wrote:
> 
> Hi,
> I am trying the libvirt plugin in wireshark to dissect RPC payload in TCP,
> but I am finding the dissector code not really working.
> 
> My env is Fedora core 21 (x86_64) and installed packages are as follows:
> 
>     wireshark-1.12.6-1.fc21.x86_64
>     libvirt-wireshark-1.2.9.3-2.fc21.x86_64
> 
> 
> Earlier, just after installation, I noticed libvirt.so available only in
> /usr/lib64/wireshark/plugins/1.12.5/ . Wireshark could not load libvirt
> plugin.

Yes, this is inherently broken. See my patch that I've just proposed:

https://www.redhat.com/archives/libvir-list/2015-October/msg00852.html

> So, I copied the above .so into 1.12.6/ under the same plugins folder;
> following that, wireshark could list libvirt as a supported protocol.
> 
>     tshark -G protocols | grep libvirt
>     Libvirt    libvirt    libvirt
> 
> However, on checking with some pcaps which have libvirt RPC calls captured
> on the wire, wireshark does not list libvirt RPC packets, as I search for
> "libvirt" protocol in pcap.

What is the command you're trying? Because if I copy the plugin over to
the correct directory it seems to be working for me.

> 
> Has anyone experienced this before? If you have any pointers that I could
> check in my env, that would be very helpful.
> 

Michal
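
A check for the situation in this thread (a plugin present only under the plugins directory of a different Wireshark version), as an added example that is not part of the original messages. The function name and the demo tree are constructed, and the layout `<plugins_root>/<version>/<name>.so` is assumed from the paths quoted above.

```shell
#!/bin/sh
# Added example (not from the thread): list Wireshark plugins that exist only
# under a version directory other than the running Wireshark version.
# Assumed layout, taken from the quoted paths: <plugins_root>/<version>/<name>.so

# misplaced_plugins PLUGINS_ROOT RUNNING_VERSION
# Prints "<name>.so <version-dir>" for each plugin that the running version's
# directory lacks but another version directory contains.
misplaced_plugins() {
    root=$1
    running=$2
    for so in "$root"/*/*.so; do
        [ -e "$so" ] || continue              # glob matched nothing
        dir=$(basename "$(dirname "$so")")
        name=$(basename "$so")
        [ "$dir" = "$running" ] && continue   # already in the right place
        # Not a problem if the running version's directory has its own copy
        [ -e "$root/$running/$name" ] && continue
        printf '%s %s\n' "$name" "$dir"
    done
}

# Constructed demo tree mirroring the report: libvirt.so only under 1.12.5/
# while the installed wireshark is 1.12.6. "other.so" is a hypothetical plugin.
demo_root=$(mktemp -d)
mkdir -p "$demo_root/1.12.5" "$demo_root/1.12.6"
: > "$demo_root/1.12.5/libvirt.so"
: > "$demo_root/1.12.6/other.so"
misplaced_plugins "$demo_root" 1.12.6
rm -rf "$demo_root"
```

On a real system the first argument would be the plugins folder named in the thread (`/usr/lib64/wireshark/plugins`) and the second the installed wireshark version.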



