[Netkit.users] How to better sniff traffic in Netkit?

Julien Iguchi-Cartigny julien.cartigny at unilim.fr
Sat Dec 5 17:02:20 CET 2009


Please see my patch to UML and Netkit:

<http://kartoch.msi.unilim.fr/wiki/index.php?n=Netkit.InstallSniffing>

It provides sniffing without root support by directly dumping traffic in
uml_switch in cap format (which can be read by wireshark or tcpdump, for
instance). Hence you can have real-time sniffing by an application on
the host.

It has not been tested with the latest release (and sadly not included).

Hope that could help.

Cheers,

Julien.

Marco wrote:
> Let me try to explain better.
> 
> Currently, as far as I can tell the only way to capture network traffic 
> between netkit hosts in a lab is to run tcpdump in a virtual host, either 
> looking at the traffic in real time, or saving it to a pcap file that can be 
> inspected later.
> 
> What I'd like to be able to do is to connect a tap interface on the real host 
> to an arbitrary running uml_switch (i.e. to one of the broadcast domains), so I 
> could directly run tcpdump or wireshark on the host to see the traffic in that 
> broadcast domain.
> 
> Currently, the so-called "tap collision domain" does not provide that kind of 
> functionality, and furthermore using a tap collision domain requires root 
> access, and it automatically runs a number of steps which might or might not 
> be necessary, like enabling NAT, adding routes, enabling routing, etc., which 
> imho would be better controlled directly by the user rather than performed 
> automatically.
> In other words, a tap collision domain is not necessarily used to connect 
> netkit to the Internet, which is what you assume currently.
> 
> The above issues in the past led me to (badly) hack netkit's scripts to be 
> able to do what I wanted, but it would be great if native support was added to 
> netkit.
> 
> What I'm suggesting is to add the possibility to specify the name of a 
> (perhaps already-existing) tap interface to be connected to a given collision 
> domain (ie, a uml_switch) at lab startup, maybe with the option of creating it 
> if it doesn't exist already (and that would require root access of course). 
> Once that is in place, the user can choose how to use that. For example, he 
> can just attach tcpdump to the tap interface from the host to sniff traffic, 
> or he may give it an IP address, enable routing, etc. to connect the netkit 
> lab to some other network or the Internet, etc.
> 
> In my opinion this would be much more flexible than the current tap support.
> 
> On a slightly related note, is vde support planned in netkit?
> 
> Thank you very much.
> 
> Marco
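
The following is an added example, not part of the thread and not code from the patch linked above. It sketches how a user-space switch can dump each forwarded Ethernet frame as a capture stream that tcpdump or wireshark reads, with no tap device and no root. It assumes "cap format" means the classic libpcap file format; `dump_open`, `dump_frame` and the sample frame are hypothetical names and constructed data.

```c
/* Added example: classic libpcap stream writer (not the Netkit/uml_switch patch). */
#include <stdint.h>
#include <stdio.h>
#include <sys/time.h>

#define PCAP_MAGIC        0xa1b2c3d4u  /* native byte order, microsecond timestamps */
#define LINKTYPE_ETHERNET 1u
#define SNAPLEN           65535u

struct pcap_file_hdr { uint32_t magic; uint16_t vmajor, vminor;
                       int32_t thiszone; uint32_t sigfigs, snaplen, linktype; };
struct pcap_rec_hdr  { uint32_t ts_sec, ts_usec, incl_len, orig_len; };

/* Constructed sample: 42-byte ARP request, 10.0.0.1 asking for 10.0.0.2. */
static const uint8_t sample_arp[42] = {
    0xff,0xff,0xff,0xff,0xff,0xff, 0x02,0,0,0,0,0x01, 0x08,0x06,
    0x00,0x01, 0x08,0x00, 6, 4, 0x00,0x01,
    0x02,0,0,0,0,0x01, 10,0,0,1,
    0,0,0,0,0,0, 10,0,0,2 };

/* Write the 24-byte file header once, before any frame. Returns 0 on success. */
int dump_open(FILE *out) {
    struct pcap_file_hdr h = { PCAP_MAGIC, 2, 4, 0, 0, SNAPLEN, LINKTYPE_ETHERNET };
    if (fwrite(&h, sizeof h, 1, out) != 1) return -1;
    return fflush(out) == 0 ? 0 : -1;
}

/* Append one frame as the switch forwards it. Returns bytes stored, or -1. */
long dump_frame(FILE *out, const uint8_t *frame, uint32_t len,
                const struct timeval *ts) {
    uint32_t incl = len > SNAPLEN ? SNAPLEN : len;   /* truncate to snaplen */
    struct pcap_rec_hdr r = { (uint32_t)ts->tv_sec, (uint32_t)ts->tv_usec,
                              incl, len };
    if (fwrite(&r, sizeof r, 1, out) != 1) return -1;
    if (incl && fwrite(frame, 1, incl, out) != incl) return -1;
    if (fflush(out) != 0) return -1;  /* flush per frame so a live reader sees it */
    return (long)incl;
}

int main(void) {
    struct timeval now;
    gettimeofday(&now, NULL);
    if (dump_open(stdout) != 0) return 1;
    return dump_frame(stdout, sample_arp, sizeof sample_arp, &now) < 0;
}
```

Piping the program's output into `tcpdump -n -r -` decodes the sample frame. Because the output is an ordinary file or pipe, anyone with read access to it sees all traffic in that collision domain, so its permissions deserve the same care as a capture file.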