[libvirt-users] unable to dissect libvirt rpc packets using wireshark plugin

gowrishankar gowrishankar.m at linux.vnet.ibm.com
Wed Jan 20 08:49:57 UTC 2016


Hi Michal,
By the way, I noticed IPv6 loopback IP addresses in your pcap. As I
normally try to capture on the NIC where migration is carried out, I
thought of checking with you whether your wireshark could dissect
libvirt RPC in such a pcap too (captured on a NIC)?

During migration, I do not see any traffic on loopback, and I think that
is expected, but I am wondering how you get those captured? Any
pointers/suggestions? I appreciate your help.

Regards,
Gowrishankar

On Thursday 07 January 2016 04:48 PM, gowrishankar wrote:
> Thank you Michal.
>
> With your pcap, I could confirm that the libvirt dissector worked in
> my environment as well.
> Yes, it could be that my pcap does not have libvirt RPC packets
> correctly, though I would have expected. I am checking on it.
>
> Regards,
> Gowrishankar
>
> On Thursday 07 January 2016 03:51 PM, Michal Privoznik wrote:
>> On 07.01.2016 08:05, gowrishankar wrote:
>>> Hi Michal,
>>> Thank you for your suggestion. My apologies that I took some time to
>>> get back with further confirmation. Regrettably, my tshark is still
>>> unable to find the libvirt payload inside the packet capture, though
>>> it lists libvirt as a possible filter.
>>>
>>>       # rpm -ql libvirt-wireshark-1.2.9.3-2.fc21.x86_64
>>>       /usr/lib64/wireshark/plugins/1.12.5/libvirt.so
>>>
>>>       As I used wireshark version 1.12.6, I created a 1.12.6
>>>       directory under plugins and copied the above .so.
>>>       /usr/lib64/wireshark/plugins/1.12.6/libvirt.so
>>>
>>>       # tshark -G protocols | grep -i libvirt
>>>       Libvirt    libvirt    libvirt
>>>
>>>       # tshark -r libvirt.pcap libvirt
>>>       #
>>>
>> Interesting. This indeed may be that your pcap file does not contain any
>> libvirt packets. Esp. if you tested it locally - if you haven't
>> specified to use TCP stack, UNIX socket is used by default.
>>
>>> Is there any dependency between libvirt and the wireshark dissector
>>> mechanism for them to co-exist and work together (i.e. is the above
>>> libvirt-wireshark missing some changes that the dissector expects)?
>>> If you have a sample pcap to recheck my wireshark/tshark, could you
>>> please share it with me?
>> Sure:
>>
>> https://mprivozn.fedorapeople.org/libvirt.pcap
>>
>> $ tshark -r libvirt.pcap libvirt | tail -n1
>>   89 29.520014062          ::1 -> ::1          Libvirt 114 Prog=REMOTE Proc=CONNECT_CLOSE Type=REPLY Serial=32 Status=OK
>>
>> So I can get 89 libvirt packets from the dump.
>>
>> Michal
>>
>>
>>
>
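
Added example (not part of the original thread, and not code from libvirt or Wireshark): a minimal check of whether a TCP payload carries cleartext libvirt RPC, decoding the same header fields tshark prints above. It assumes each message starts at the beginning of the payload; the sample bytes are constructed and the procedure table is partial.

```python
import struct

# Values from libvirt's RPC protocol definitions; PROCS is only a partial table.
PROGRAMS = {0x20008086: "REMOTE", 0x20008087: "QEMU", 0x6B656570: "KEEPALIVE"}
TYPES = {0: "CALL", 1: "REPLY", 2: "MESSAGE", 3: "STREAM",
         4: "CALL_WITH_FDS", 5: "REPLY_WITH_FDS"}
STATUSES = {0: "OK", 1: "ERROR", 2: "CONTINUE"}
PROCS = {1: "CONNECT_OPEN", 2: "CONNECT_CLOSE"}

# Big-endian XDR words: total length (including itself), program, version,
# procedure, type, serial, status.
HEADER = struct.Struct(">7I")


def parse_libvirt_rpc(payload: bytes) -> list:
    """Decode the libvirt RPC headers found back to back in one TCP payload.

    Returns [] when the payload does not start with a plausible cleartext
    libvirt RPC message (for example SSH or TLS traffic).
    """
    messages = []
    offset = 0
    while offset + HEADER.size <= len(payload):
        length, prog, vers, proc, mtype, serial, status = HEADER.unpack_from(
            payload, offset)
        plausible = (length >= HEADER.size and prog in PROGRAMS and vers == 1
                     and mtype in TYPES and status in STATUSES)
        if not plausible:
            break
        messages.append({
            "prog": PROGRAMS[prog],
            "proc": PROCS.get(proc, str(proc)),
            "type": TYPES[mtype],
            "serial": serial,
            "status": STATUSES[status],
            "length": length,
        })
        offset += length  # the length word counts itself, so this is the next message
    return messages


# Constructed samples: a bodiless reply with the fields of the tshark line in the
# thread (REMOTE / CONNECT_CLOSE / REPLY / Serial=32 / OK), and an SSH banner.
SAMPLE_REPLY = HEADER.pack(28, 0x20008086, 1, 2, 1, 32, 0)
SAMPLE_SSH = b"SSH-2.0-OpenSSH_7.1\r\n" + b"\x00" * 16

if __name__ == "__main__":
    print(parse_libvirt_rpc(SAMPLE_REPLY))
    print(parse_libvirt_rpc(SAMPLE_SSH))
```

An empty result for every payload in a capture means the capture holds no cleartext libvirt RPC, which is the case the dissector also reports as zero matching packets.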




