On 07.01.2016 08:05, gowrishankar wrote:
> Hi Michal,
> Thank you for your suggestion. My apologies that I took some time to get
> back on further confirmation. Regrettably, my tshark is still unable to find
> the libvirt payload inside the packet capture, though it lists libvirt as a
> possible filter.
>
> # rpm -ql libvirt-wireshark-1.2.9.3-2.fc21.x86_64
> /usr/lib64/wireshark/plugins/1.12.5/libvirt.so
>
> As I used wireshark version 1.12.6, I created a 1.12.6 directory
> under plugins and copied the above .so.
> /usr/lib64/wireshark/plugins/1.12.6/libvirt.so
>
> # tshark -G protocols | grep -i libvirt
> Libvirt libvirt libvirt
>
> # tshark -r libvirt.pcap libvirt
> #
>

Interesting. This indeed may be that your pcap file does not contain any libvirt packets. Esp. if you tested it locally - if you haven't specified to use TCP stack, UNIX socket is used by default.

> Is there any dependency between libvirt and the wireshark dissector
> mechanism to co-exist and work together (i.e. whether the above
> libvirt-wireshark is missing some changes that the dissector is
> expecting)? If you have a sample pcap to recheck my wireshark/tshark,
> could you please share it with me?

Sure:

https://mprivozn.fedorapeople.org/libvirt.pcap

$ tshark -r libvirt.pcap libvirt | tail -n1
89 29.520014062 ::1 -> ::1 Libvirt 114 Prog=REMOTE Proc=CONNECT_CLOSE Type=REPLY Serial=32 Status=OK

So I can get 89 libvirt packets from the dump.

Michal
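
An added example, not part of the original thread or of libvirt's code: a plugin-independent check of whether a TCP payload starts with a libvirt RPC header, rendered in the same form as the tshark summary line above. It assumes payloads were already extracted from the capture; the function names and sample payloads are constructed for illustration, and the procedure table is deliberately partial.

```python
import struct

# Values as defined in libvirt's RPC protocol files (.x definitions).
PROGRAMS = {0x20008086: "REMOTE", 0x20008087: "QEMU", 0x6B656570: "KEEPALIVE"}
TYPES = {0: "CALL", 1: "REPLY", 2: "MESSAGE", 3: "STREAM"}
STATUSES = {0: "OK", 1: "ERROR", 2: "CONTINUE"}
REMOTE_PROCS = {1: "CONNECT_OPEN", 2: "CONNECT_CLOSE"}  # partial table

# XDR is big-endian: 4-byte total length, then prog, vers, proc, type,
# serial, status as 32-bit words (28 bytes before any message body).
HEADER = struct.Struct(">IIIIIII")


def parse_libvirt_header(payload):
    """Return the decoded header as a dict, or None if it does not look like libvirt."""
    if len(payload) < HEADER.size:
        return None
    length, prog, vers, proc, mtype, serial, status = HEADER.unpack_from(payload)
    # The length word counts itself, so it can never be below the header size.
    if length < HEADER.size:
        return None
    if prog not in PROGRAMS or mtype not in TYPES or status not in STATUSES:
        return None
    return {"length": length, "prog": prog, "vers": vers, "proc": proc,
            "type": mtype, "serial": serial, "status": status}


def summarize(hdr):
    """Format a decoded header like the dissector's info column."""
    proc = str(hdr["proc"])
    if hdr["prog"] == 0x20008086:
        proc = REMOTE_PROCS.get(hdr["proc"], proc)
    return "Prog=%s Proc=%s Type=%s Serial=%d Status=%s" % (
        PROGRAMS[hdr["prog"]], proc, TYPES[hdr["type"]],
        hdr["serial"], STATUSES[hdr["status"]])


def scan(payloads):
    """Return summaries for every payload that carries a libvirt RPC header."""
    return [summarize(h) for h in map(parse_libvirt_header, payloads) if h]


# Constructed samples: a body-less REMOTE reply and an unrelated HTTP request.
SAMPLE_REPLY = HEADER.pack(28, 0x20008086, 1, 2, 1, 32, 0)
SAMPLE_OTHER = b"GET / HTTP/1.1\r\nHost: example\r\n\r\n"

if __name__ == "__main__":
    for line in scan([SAMPLE_REPLY, SAMPLE_OTHER]):
        print(line)
```

An empty result over every TCP payload in a capture is consistent with the client having used the UNIX socket, in which case no libvirt traffic reached the captured interface.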