Re: unable to dissect libvirt rpc packets using wireshark plugin

[gowrishankar <gowrishankar.m@xxxxxxxxxxxxxxxxxx>]

Hi Michal,
By the way, I noticed ipv6 loopback IP addresses in your pcap. As I 
normally try to capture on
nic where migration carried out, I thought of checking with you if your 
wireshark could dissect
libvirt RPC in such pcap too (captured on a nic) ?.

During migration, I do not see any traffic on loopback and I think it is 
expected, but thinking
how you get those captured ?. Any pointers/suggestions ? Appreciating 
your help.

Regards,
Gowrishankar

On Thursday 07 January 2016 04:48 PM, gowrishankar wrote:
> Thank you Michal.
>
> With your pcap, I could confirm that, libvirt dissector worked in my 
> environment as well.
> Yes, it could be that, my pcap do not have libvirt rpc packets 
> correctly though I would have
> expected. I am checking on it.
>
> Regards,
> Gowrishankar
>
> On Thursday 07 January 2016 03:51 PM, Michal Privoznik wrote:
> > On 07.01.2016 08:05, gowrishankar wrote:
> > > Hi Michal,
> > > Thank you for your suggestion. My apologies that I took sometime to get
> > > back
> > > on further confirmation. Regrettably, my tshark is still unable to find
> > > libvirt payload
> > > inside packet capture, though it lists libvirt as a possible filter.
> > >
> > >       # rpm -ql libvirt-wireshark-1.2.9.3-2.fc21.x86_64
> > >       /usr/lib64/wireshark/plugins/1.12.5/libvirt.so
> > >
> > >       As I used wireshark 1.12.6 version, I created 1.12.6 directory
> > > under plugins and copied above .so.
> > >       /usr/lib64/wireshark/plugins/1.12.6/libvirt.so
> > >
> > >       # tshark -G protocols | grep -i libvirt
> > >       Libvirt    libvirt    libvirt
> > >
> > >       # tshark -r libvirt.pcap libvirt
> > >       #
> > Interesting. This indeed may be that your pcap file does not contain any
> > libvirt packets. Esp. if you tested it locally - if you haven't
> > specified to use TCP stack, UNIX socket is used by default.
> >
> > > Are there any dependency between libvirt and wireshark dissector
> > > mechanism to co-exist and
> > > work together (ie. whether the above libvirt-wireshark missing some
> > > changes that dissector
> > > expecting ??). If you have sample pcap to recheck my wireshark/tshark,
> > > could you please
> > > share with me ?
> > Sure:
> >
> > https://mprivozn.fedorapeople.org/libvirt.pcap
> >
> > $ tshark -r libvirt.pcap libvirt | tail -n1
> >   89 29.520014062          ::1 -> ::1          Libvirt 114 Prog=REMOTE
> > Proc=CONNECT_CLOSE Type=REPLY Serial=32 Status=OK
> >
> > So I can get 89 libvirt packets from the dump.
> >
> > Michal


_______________________________________________
libvirt-users mailing list
libvirt-users@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/libvirt-users