Re: unable to dissect libvirt rpc packets using wireshark plugin

Hi Michal,
Thank you for your suggestion. My apologies that I took some time to get back
on further confirmation. Regrettably, my tshark is still unable to find libvirt payload
inside packet capture, though it lists libvirt as a possible filter.

     # rpm -ql libvirt-wireshark-1.2.9.3-2.fc21.x86_64
     /usr/lib64/wireshark/plugins/1.12.5/libvirt.so

As I used wireshark 1.12.6 version, I created 1.12.6 directory under plugins and copied above .so.
     /usr/lib64/wireshark/plugins/1.12.6/libvirt.so

     # tshark -G protocols | grep -i libvirt
     Libvirt    libvirt    libvirt

     # tshark -r libvirt.pcap libvirt
     #

Is there any dependency between libvirt and the wireshark dissector mechanism to co-exist and work together (i.e. whether the above libvirt-wireshark is missing some changes that the dissector is expecting)? If you have a sample pcap to recheck my wireshark/tshark, could you please
share it with me?

Regards,
Gowrishankar

On Thursday 29 October 2015 06:18 PM, Michal Privoznik wrote:
> On 26.10.2015 11:38, gowrishankar wrote:
>> Hi,
>> I am trying libvirt plugin in wireshark to dissect RPC payload in TCP, but
>> finding dissector code not really working.
>>
>> My env is Fedora core 21 (x86_64) and installed packages are as follows:
>>
>>      wireshark-1.12.6-1.fc21.x86_64
>>      libvirt-wireshark-1.2.9.3-2.fc21.x86_64
>>
>> Earlier, just after installation, I noticed libvirt.so available only in
>> /usr/lib64/wireshark/plugins/1.12.5/ . Wireshark could not load libvirt
>> plugin.
>
> Yes, this is inherently broken. See my patch that I've just proposed:
>
> https://www.redhat.com/archives/libvir-list/2015-October/msg00852.html
>
>> So, I copied above .so into 1.12.6/ under same plugins folder, following it
>> wireshark could list libvirt as supported protocol.
>>
>>      tshark -G protocols | grep libvirt
>>      Libvirt    libvirt    libvirt
>>
>> However, on checking with some pcaps which have libvirt RPC calls captured
>> on wire, wireshark does not list libvirt RPC packets, as I search for
>> "libvirt" protocol in pcap.
>
> What is the command you're trying? Because if I copy the plugin over to
> the correct directory it seems to be working for me.
>
>> Has anyone experienced this before or if you have any pointer that I could
>> check in my env, that would be very helpful.
>
> Michal




_______________________________________________
libvirt-users mailing list
libvirt-users@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/libvirt-users


