[Netkit.users] How to better sniff traffic in Netkit?

Massimo Rimondini rimondin at dia.uniroma3.it
Wed Dec 9 15:14:58 CET 2009 

Dear Marco,

I was about to point you to Julien's patch, which is the best way of
obtaining what you asked for.

As for the configuration of network interfaces, the reason why we
settled on currently offered options and automatisms is that we did not
want to trade simplicity of usage for flexibility of configuration.
After all, one of the main goals of Netkit is to provide an easy to use
interface to User-Mode Linux, setup of network interfaces, networking
software, etc., and exposing all the functions of these components to
the user would defeat this goal.

However, I agree with you that the configuration of network interfaces
should be made more flexible. This is something we plan to work on,
likely by taking advantage of VDE as you have mentioned.

Regards,
Massimo.


Marco wrote:
> Let me try to explain better.
>
> Currently, as far as I can tell the only way to capture network traffic 
> between netkit hosts in a lab is to run tcpdump in a virtual host, either 
> looking at the traffic in real time, or saving it to a pcap file that can be 
> inspected later.
>
> What I'd like to be able to do is to connect a tap interface on the real host 
> to an arbitray running uml_switch (ie to one of the broadcast domains), so I 
> could directly run tcpdump or wireshark on the host to see the traffic in that 
> broadcast domain.
>
> Currently, the so-called "tap collision domain" does not provide that kind of 
> functionality, and furthermore using a tap collision domain requires root 
> access, and it automatically runs a number of steps which might or might not 
> be necessary, like enabling NAT, adding routes, enabling routing, etc., which 
> imho would be better controlled directly by the user rather than performed 
> automatically.
> In other words, a tap collision domain is not necessarily used to connect 
> netkit to the Internet, which is what you assume currently.
>
> The above issues in the past led me to (badly) hack netkit's scripts to be 
> able to do what I wanted, but it would be great if native support was added to 
> netkit.
>
> What I'm suggesting is to add the possibility to specify the name of a 
> (perhaps already-existing) tap interface to be connected to a given collision 
> domain (ie, a uml_switch) at lab startup, maybe with the option of creating it 
> if it doesn't exist already (and that would require root access of course). 
> Once that is in place, the user can choose how to use that. For example, he 
> can just attach tcpdump to the tap interface from the host to sniff traffic, 
> or he may give it an IP address, enable routing, etc. to connect the netkit 
> lab to some other network or the Internet, etc.
>
> In my opinion this would be much more flexible than the current tap support.
>
> On a slightly related note, is vde support planned in netkit?
>
> Thank you very much.
>
> Marco
> _______________________________________________
> Netkit.users mailing list
> Netkit.users a list.dia.uniroma3.it
> http://list.dia.uniroma3.it/mailman/listinfo/netkit.users
>
>

More information about the Netkit.users mailing list