[libvirt-users] unable to dissect libvirt rpc packets using wireshark plugin
gowrishankar
gowrishankar.m at linux.vnet.ibm.com
Thu Jan 7 11:18:42 UTC 2016
Thank you Michal.
With your pcap, I could confirm that, libvirt dissector worked in my
environment as well.
Yes, it could be that, my pcap do not have libvirt rpc packets correctly
though I would have
expected. I am checking on it.
Regards,
Gowrishankar
On Thursday 07 January 2016 03:51 PM, Michal Privoznik wrote:
> On 07.01.2016 08:05, gowrishankar wrote:
>> Hi Michal,
>> Thank you for your suggestion. My apologies that I took sometime to get
>> back
>> on further confirmation. Regrettably, my tshark is still unable to find
>> libvirt payload
>> inside packet capture, though it lists libvirt as a possible filter.
>>
>> # rpm -ql libvirt-wireshark-1.2.9.3-2.fc21.x86_64
>> /usr/lib64/wireshark/plugins/1.12.5/libvirt.so
>>
>> As I used wireshark 1.12.6 version, I created 1.12.6 directory
>> under plugins and copied above .so.
>> /usr/lib64/wireshark/plugins/1.12.6/libvirt.so
>>
>> # tshark -G protocols | grep -i libvirt
>> Libvirt libvirt libvirt
>>
>> # tshark -r libvirt.pcap libvirt
>> #
>>
> Interesting. This indeed may be that your pcap file does not contain any
> libvirt packets. Esp. if you tested it locally - if you haven't
> specified to use TCP stack, UNIX socket is used by default.
>
>> Are there any dependency between libvirt and wireshark dissector
>> mechanism to co-exist and
>> work together (ie. whether the above libvirt-wireshark missing some
>> changes that dissector
>> expecting ??). If you have sample pcap to recheck my wireshark/tshark,
>> could you please
>> share with me ?
> Sure:
>
> https://mprivozn.fedorapeople.org/libvirt.pcap
>
> $ tshark -r libvirt.pcap libvirt | tail -n1
> 89 29.520014062 ::1 -> ::1 Libvirt 114 Prog=REMOTE
> Proc=CONNECT_CLOSE Type=REPLY Serial=32 Status=OK
>
> So I can get 89 libvirt packets from the dump.
>
> Michal
>
>
>
More information about the libvirt-users
mailing list