[Netkit.users] How to better sniff traffic in Netkit?
Julien Iguchi-Cartigny
julien.cartigny at unilim.fr
Sat Dec 5 17:02:20 CET 2009
Please see my patch to UML and Netkit:
<http://kartoch.msi.unilim.fr/wiki/index.php?n=Netkit.InstallSniffing>
It provides sniffing without root support by directly dumping traffic in
uml_switch in cap format (which can be read by wireshark or tcpdump for
instance). Hence you can have real-time sniffing by an application on
the host.
It has not been tested with the latest release (and sadly not included).
Hope that could help.
Cheers,
Julien.
Marco wrote:
> Let me try to explain better.
>
> Currently, as far as I can tell the only way to capture network traffic
> between netkit hosts in a lab is to run tcpdump in a virtual host, either
> looking at the traffic in real time, or saving it to a pcap file that can be
> inspected later.
>
> What I'd like to be able to do is to connect a tap interface on the real host
> to an arbitrary running uml_switch (ie to one of the broadcast domains), so I
> could directly run tcpdump or wireshark on the host to see the traffic in that
> broadcast domain.
>
> Currently, the so-called "tap collision domain" does not provide that kind of
> functionality, and furthermore using a tap collision domain requires root
> access, and it automatically runs a number of steps which might or might not
> be necessary, like enabling NAT, adding routes, enabling routing, etc., which
> imho would be better controlled directly by the user rather than performed
> automatically.
> In other words, a tap collision domain is not necessarily used to connect
> netkit to the Internet, which is what you assume currently.
>
> The above issues in the past led me to (badly) hack netkit's scripts to be
> able to do what I wanted, but it would be great if native support was added to
> netkit.
>
> What I'm suggesting is to add the possibility to specify the name of a
> (perhaps already-existing) tap interface to be connected to a given collision
> domain (ie, a uml_switch) at lab startup, maybe with the option of creating it
> if it doesn't exist already (and that would require root access of course).
> Once that is in place, the user can choose how to use that. For example, he
> can just attach tcpdump to the tap interface from the host to sniff traffic,
> or he may give it an IP address, enable routing, etc. to connect the netkit
> lab to some other network or the Internet, etc.
>
> In my opinion this would be much more flexible than the current tap support.
>
> On a slightly related note, is vde support planned in netkit?
>
> Thank you very much.
>
> Marco
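What writing switch traffic to a capture file that wireshark or tcpdump can read involves, as an added sketch that is not Julien's patch nor Netkit/UML code: it assumes the classic libpcap file layout with the Ethernet link type, and the function names, sample frame and timestamp are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>

#define PCAP_MAGIC        0xa1b2c3d4u /* classic libpcap file, microsecond timestamps */
#define PCAP_SNAPLEN      65535u      /* largest frame size stored per record */
#define LINKTYPE_ETHERNET 1u

struct pcap_file_hdr { uint32_t magic; uint16_t vmaj, vmin; int32_t thiszone;
                       uint32_t sigfigs, snaplen, linktype; };      /* 24 bytes */
struct pcap_rec_hdr  { uint32_t ts_sec, ts_usec, incl_len, orig_len; }; /* 16 bytes */

/* Write the global header once, when the capture file is opened.
 * Fields are in host byte order; readers detect the order from the magic. */
static int pcap_start(FILE *f) {
    struct pcap_file_hdr h = { PCAP_MAGIC, 2, 4, 0, 0, PCAP_SNAPLEN, LINKTYPE_ETHERNET };
    if (fwrite(&h, sizeof h, 1, f) != 1) return -1;
    return fflush(f);
}

/* Append one forwarded frame. Oversized frames are truncated to the snap
 * length while orig_len keeps the on-wire size. Flushing after each record
 * lets a reader that follows the file see the frame immediately. */
static int pcap_append(FILE *f, const uint8_t *frame, uint32_t len,
                       uint32_t sec, uint32_t usec) {
    uint32_t incl = len > PCAP_SNAPLEN ? PCAP_SNAPLEN : len;
    struct pcap_rec_hdr r = { sec, usec, incl, len };
    if (fwrite(&r, sizeof r, 1, f) != 1) return -1;
    if (incl && fwrite(frame, 1, incl, f) != incl) return -1;
    return fflush(f);
}

/* Constructed demo: one 42-byte broadcast ARP-sized frame written to a
 * temporary file; returns the resulting file size in bytes, or -1 on error. */
static long demo_capture_size(void) {
    static const uint8_t frame[42] = { 0xff,0xff,0xff,0xff,0xff,0xff, /* dst */
                                       0x02,0x00,0x00,0x00,0x00,0x01, /* src */
                                       0x08,0x06 };                   /* ARP */
    FILE *f = tmpfile();
    if (!f) return -1;
    if (pcap_start(f) || pcap_append(f, frame, sizeof frame, 1260028940u, 0)) {
        fclose(f);
        return -1;
    }
    long size = ftell(f);
    fclose(f);
    return size;
}

int main(void) { printf("%ld\n", demo_capture_size()); return 0; }
```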