Han Han
2018-03-27 06:41:25 UTC
Hi guys,
I am trying to analyze libvirt rpc protocol by wireshark. But I found
wireshark doesn't dissect libvirt packets. Here are my environments
operations:
1. Environments:
My system: Debian GNU/Linux buster/sid with *kernel-4.15.0-1-amd64*
Packages installed:
*libvirt0-4.1.0-2-amd64 libvirt-wireshark-4.1.0-2-amd64
wireshark-2.4.5-1-amd64*
2. Libvirt configurations
*/etc/libvirt/libvirtd.conf*:
*listen_tls = 0listen_tcp = 1tcp_port = "16509"auth_tcp = "none"*
Libvirtd started with options
*--listen*
3. Check wireshark libvirt plugin:
Open menu: *Help* --> *About* *wireshark* --> *Plugins*. Libvirt plugin is
found:
*libvirt.so 4.1.0 dissector
/usr/lib/x86_64-linux-gnu/wâŠrk/plugins/2.4.5/libvirt.so*
4. Set wireshark listening on *lo* interface and filter as
'tcp.port==16509'. Execute virsh command via tcp protocol:
$ virsh -c qemu+tcp://localhost/system list
In wireshark, packets are parsed as TCP protocol. And I cannot find Libvirt
protocol in 'Decode as..' protocols list. And libvirt protocol is also not
found in *Edit* --> *Preference* --> *Protocols*.
So it seems libvirt packets are not dissected as libvirt protocol in
wireshark. How can I use the wireshark libvirt plugin?
I am trying to analyze libvirt rpc protocol by wireshark. But I found
wireshark doesn't dissect libvirt packets. Here are my environments
operations:
1. Environments:
My system: Debian GNU/Linux buster/sid with *kernel-4.15.0-1-amd64*
Packages installed:
*libvirt0-4.1.0-2-amd64 libvirt-wireshark-4.1.0-2-amd64
wireshark-2.4.5-1-amd64*
2. Libvirt configurations
*/etc/libvirt/libvirtd.conf*:
*listen_tls = 0listen_tcp = 1tcp_port = "16509"auth_tcp = "none"*
Libvirtd started with options
*--listen*
3. Check wireshark libvirt plugin:
Open menu: *Help* --> *About* *wireshark* --> *Plugins*. Libvirt plugin is
found:
*libvirt.so 4.1.0 dissector
/usr/lib/x86_64-linux-gnu/wâŠrk/plugins/2.4.5/libvirt.so*
4. Set wireshark listening on *lo* interface and filter as
'tcp.port==16509'. Execute virsh command via tcp protocol:
$ virsh -c qemu+tcp://localhost/system list
In wireshark, packets are parsed as TCP protocol. And I cannot find Libvirt
protocol in 'Decode as..' protocols list. And libvirt protocol is also not
found in *Edit* --> *Preference* --> *Protocols*.
So it seems libvirt packets are not dissected as libvirt protocol in
wireshark. How can I use the wireshark libvirt plugin?
--
Best regards,
-----------------------------------
Han Han
Quality Engineer
Redhat.
Email: ***@redhat.com
Phone: +861065339333 <+86%2010%206533%209333>
Best regards,
-----------------------------------
Han Han
Quality Engineer
Redhat.
Email: ***@redhat.com
Phone: +861065339333 <+86%2010%206533%209333>