Problems running DPDK KNI example - network-programming

I'm new to DPDK. I'm trying to learn about KNI. I compiled and fired up the KNI example provided with the library.
I used ifconfig commands to bring up the vEth interfaces that spin up corresponding to each port and to assign IP addresses and netmasks to them.
I tried to ping and hping (TCP ping) other machines on the same network. Through tcpdump, I can see that the KNI interfaces send out the right frames but don't seem to receive anything.
I don't see any errors in dmesg or on the console running the KNI test script.
I proceeded to try and debug by printing out mbuf entries. The KNI Rx doesn't seem to find anything in the ring buffer corresponding to the Eth port which is supposed to receive the data/frames. However, the ifconfig messages do show up in the buffers and are accordingly acted upon by the kernel.
It would be very helpful if someone can advise me on how to move forward with this and get it to work as it is supposed to. I have been spinning my wheels on this for a while. I have tried this on both VMs and a physical machine with multiple network interfaces.
Thanks

Use an e1000 emulated NIC for the VM. It will work as expected.

Related

tcpdump / wireshark capturing problems

I just started with Wireshark and tcpdump.
They both work fine if I capture traffic on my IP but don't capture anything from other sources (other IPs on my network).
My setup: 1 PC running Windows 8 (IP 192.168.0.2), 1 laptop running Ubuntu (192.168.0.3).
Both connected to a cheap unmanaged 5-port switch that is connected to my router.
Both wired; I even tried with the laptop in wireless mode.
If I run tcpdump on my laptop with the filter host 192.168.0.2 (the PC's IP address), it does not capture anything!
Same if I run Wireshark on my PC but use filters such as dest 192.168.0.3 (the laptop's IP).
I tried tcpdump with net 192.168.0.0/24 (which should capture traffic from my whole network)... same result: it captures only traffic that is destined to my IP (the laptop from which I am running the command).
I tried setting promiscuous mode ON on both the laptop and the PC, same result.
Any idea why I am not able to capture anything from other IP addresses?
"Both connected to a cheap unmanaged 5 port switch"
As you've already discovered, your current capture setup won't work. From the Wireshark CaptureSetup/Ethernet wiki page:
"In addition, if you are on a switched Ethernet, rather than a shared Ethernet, you will also have to take action to ensure that all traffic in which you're interested is sent to the Ethernet adapter on the machine running the packet capture program; that is not, by default, the case on switched networks, so attempts to capture on a switched network will, by default, see only traffic that the capturing machine would see when not in promiscuous mode."
Refer to that same page for a number of solutions, including using a TAP, a managed switch, or even a hub (if you can even find one and have no other choice), just to name a few.
In addition to the Wireshark wiki page, I'd also highly recommend reading the very talented Jasper Bongertz's 6-part Network Capture Playbook series:
The Network Capture Playbook Part 1 – Ethernet Basics
The Network Capture Playbook Part 2 – Speed, Duplex and Drops
The Network Capture Playbook Part 3 – Network cards
The Network Capture Playbook Part 4 – SPAN Port In-Depth
The Network Capture Playbook Part 5 – Network TAP Basics
The Network Capture Playbook Part 6 – Planning Network Troubleshooting

How to capture Telnet traffic in Wireshark?

I am new to Wireshark. My question is about Telnet and Eclipse. I have a program that communicates over Telnet. As you can see in the picture, when I write "a" in Telnet, [97] can be seen in the Eclipse console as ASCII.
When I check Wireshark, I cannot see any Telnet traffic. When I filter with "ip.dst==10.10.10.12 && tcp.dstport==5000" or "tcp.port==23" or "Telnet", there is no data in Wireshark. I guess there is a problem with Wireshark seeing the Telnet communication. How can I solve this problem?
Please check the screenshot.
Thanks in advance.
I assume your machine's IP address is 10.10.10.12 and that you are telnetting from your machine to itself, right?
I don't know Windows, especially how network data is captured by a program like Wireshark, so I may be completely wrong. But I bet Wireshark on Windows can only see packets that actually use your network adapter (WLAN), i.e. which come from or go to an external machine. Traffic that stays inside your machine is probably invisible to it and to any program of that kind (because it's a limitation of the OS).
Instead of telnetting to your WLAN IP address, you may try telnetting to localhost (127.0.0.x) and make Wireshark listen on the loopback interface.

How can Wireshark affect network traffic?

On our team we have a standardized development setup where we have a Win8 workstation with various VMs running on Hyper-V. All development takes place on a VM.
I was having an issue where I couldn't check out a project from a Team Foundation Server using VS2012: it would start checking out, but then the connection would drop. I fired up Wireshark to check what was happening, but then it worked fine. I double checked:
When Wireshark (or rather WinPcap, which does the actual capture), running on the workstation, is capturing packets from the VM's virtual NIC, everything works fine.
As soon as I stop the capture, TFS can't check out.
So I can't even properly inspect the network traffic to diagnose the issue, because the act of inspecting traffic changes it. Heisenberg would be proud!
I thought it might be an issue with Wireshark overriding some check-sum offloading settings, but it seems not to be the case.
So what else can be affected by running Wireshark? I rather thought that the point of packet sniffers is that they don't change the packets as they capture them.
That means you are picking up traffic that normally would not be picked up by the vmnic.
Try to check at the MAC address level what is happening. Maybe a MAC address conflict between VMs?
PS. You can run Wireshark without promiscuous mode. Then the Heisenberg rule should not apply :)

capture data packets in LAN

In my college lab all the PCs are connected via LAN through an L2 switch. I want to capture the HTTP data packets with Wireshark, but it only shows the interface of my own PC. So how can I capture the packets of other PCs?
Can somebody tell me how Wireshark works?
It is in the nature of switches that you will only see either broadcast packets or traffic that has your MAC address as a destination; that is one of the crucial differences between a switch and a hub.
It is possible for most switches to be configured to copy traffic from one port to another; this is commonly done for monitoring purposes, but it has to be done via administrative access to the device.
You can manipulate the switch's behavior by means of ARP spoofing. But be cautious! Doing so might be seen as a criminal act.
So be sure that you're allowed to do so in the lab; sometimes that's OK if it serves the educational purpose. Ask your supervisor or the school's administrator.
My weapon of choice for such things is Ettercap.
A far less intrusive approach would be to use one of your own switches and configure it to forward all traffic. Then you can connect one port as an uplink to the lab's switch, one port to the device under test and one port to your machine running Wireshark. (I would recommend using tcpdump for capturing, though.) If you don't have a managed switch at hand, you can also use a router running OpenWRT.
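Both this answer and the "switched Ethernet" answer under the tcpdump/Wireshark capturing question above make the same point: a switch delivers a unicast frame only to the port it has learned for the destination MAC, so promiscuous mode on another port sees nothing, and ARP spoofing works by changing which MAC the victim addresses its frames to, not by changing the switch. The following toy model is an added example written for this page, not code from any of the answers or from Ettercap; the switch, hosts, MACs, IPs and the single HTTP request are all constructed. It also shows the one case where a sniffer on a switched network does see someone else's unicast frame (the destination MAC has not been learned, so the switch floods it), and a defender-side check that flags an IP claimed by two different MACs in observed ARP replies.

```python
"""Added example, not code from the original answers: a toy learning switch
with per-host ARP caches. It demonstrates why a sniffer on a switched network
sees only broadcast, flooded and own-MAC frames (promiscuous mode or not), and
how ARP spoofing changes that by rewriting the victim's IP-to-MAC mapping.
All MACs, IPs and port numbers below are constructed for the demo."""

BROADCAST = "ff:ff:ff:ff:ff:ff"


class Switch:
    """Learning switch: learns src MAC -> port, floods broadcast/unknown dst."""

    def __init__(self, ports):
        self.ports = list(ports)
        self.mac_table = {}      # MAC -> port
        self.delivered = []      # (port, frame) pairs: what each port's wire carried

    def forward(self, in_port, frame):
        self.mac_table[frame["src"]] = in_port
        out = self.mac_table.get(frame["dst"])
        if frame["dst"] == BROADCAST or out is None:
            targets = [p for p in self.ports if p != in_port]   # flood
        else:
            targets = [out]
        self.delivered.extend((p, frame) for p in targets)
        return targets


class Host:
    def __init__(self, name, mac, ip, port):
        self.name, self.mac, self.ip, self.port = name, mac, ip, port
        self.arp_cache = {}      # IP -> MAC, filled by ARP replies (trusted blindly)

    def learn_arp(self, ip, mac):
        self.arp_cache[ip] = mac

    def send_ip(self, switch, dst_ip, payload):
        frame = {"src": self.mac, "dst": self.arp_cache[dst_ip],
                 "ip_dst": dst_ip, "payload": payload}
        return switch.forward(self.port, frame)


def frames_seen_by(switch, port):
    """Everything a promiscuous sniffer on `port` could capture."""
    return [f for p, f in switch.delivered if p == port]


def run_scenario(poison=False, gateway_known=True):
    """Victim sends one HTTP request to the gateway; return payloads the sniffer sees."""
    sw = Switch(ports=[1, 2, 3])
    gw = Host("gateway", "02:00:00:00:00:01", "192.168.0.1", 1)
    victim = Host("victim", "02:00:00:00:00:02", "192.168.0.2", 2)
    sniffer = Host("sniffer", "02:00:00:00:00:03", "192.168.0.3", 3)

    # Let the switch learn where each host is (a gratuitous ARP does this in practice).
    for h in (gw, victim, sniffer):
        if h is gw and not gateway_known:
            continue     # simulate an aged-out entry: gateway not in the MAC table
        sw.forward(h.port, {"src": h.mac, "dst": BROADCAST, "ip_dst": None, "payload": "arp"})
    sw.delivered.clear()

    victim.learn_arp(gw.ip, gw.mac)            # legitimate ARP reply
    if poison:
        victim.learn_arp(gw.ip, sniffer.mac)   # spoofed reply: gateway IP is-at sniffer MAC

    victim.send_ip(sw, gw.ip, "GET / HTTP/1.1")
    return [f["payload"] for f in frames_seen_by(sw, sniffer.port)]


def detect_arp_conflicts(arp_replies):
    """Defender side: flag an IP claimed by more than one MAC in observed ARP replies."""
    first_seen, alerts = {}, []
    for ip, mac in arp_replies:
        if ip in first_seen and first_seen[ip] != mac:
            alerts.append((ip, first_seen[ip], mac))
        first_seen.setdefault(ip, mac)
    return alerts


if __name__ == "__main__":
    print("normal switch:        ", run_scenario())                     # []
    print("unknown-unicast flood:", run_scenario(gateway_known=False))  # flooded frame
    print("after ARP spoofing:   ", run_scenario(poison=True))          # captured
    print("conflict alerts:      ", detect_arp_conflicts([
        ("192.168.0.1", "02:00:00:00:00:01"), ("192.168.0.1", "02:00:00:00:00:03")]))
```

The `gateway_known=False` case is worth keeping in mind when a capture "sometimes" shows other hosts' traffic: a MAC-table entry that has aged out, or a VM switch that has not yet learned a virtual NIC, floods unicast frames to every port until the destination answers. The conflict detector is the same logic arpwatch-style tools apply to a live ARP feed; on a real network, feed it the sender IP and sender MAC of each ARP reply seen by tcpdump or tshark.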

Sniff Inter process communication

I have two applications (.exe) that are running on the same machine (Windows XP x86) and that I know are communicating with each other (I don't know how; I didn't write them). I would like to find a way to sniff the communication between the applications. Is there a way to do this?
I've done some messing with ProMon and I can probably figure it out from there, but I'm wondering if there is something a little more specific to this purpose. ProMon can be a bit intimidating.
First, you could watch your two applications with a system call tracer like StraceNT (or see this question). With some luck, you should be able to figure out whether the processes communicate through a local socket, a TCP connection (via localhost, undoubtedly), a pipe, a named file, or shared memory.
You can also run netstat while the applications are running to see if they are opening any network ports.
Once you know what you're looking for, you can choose a more specific monitoring tool. If it's network communication (even over a loopback interface), you could try capturing the data with something like WinDump. If the communication is via shared memory, you could attach a debugger to one of the two processes and inspect the shared memory periodically.
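The netstat step above is quicker when the output is paired up automatically: on Windows, `netstat -ano` prints the owning PID per socket, so two ESTABLISHED loopback rows whose local and foreign endpoints mirror each other identify both processes and the port to put in a capture filter. The script below is an added example written for this page, not part of the original answer or of any tool it names; the netstat output it parses is constructed to look like `netstat -ano` output with two processes (PIDs 1234 and 5678) talking over 127.0.0.1:5000.

```python
"""Added example: pair up loopback TCP connections from `netstat -ano` output
so both endpoints' PIDs are known, then build a matching BPF capture filter.
The sample output below is constructed, not taken from a real machine."""
import re

# Constructed sample in the `netstat -ano` layout (Proto, Local, Foreign, State, PID).
SAMPLE_NETSTAT = """
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       884
  TCP    127.0.0.1:5000         0.0.0.0:0              LISTENING       1234
  TCP    127.0.0.1:5000         127.0.0.1:49152        ESTABLISHED     1234
  TCP    127.0.0.1:49152        127.0.0.1:5000         ESTABLISHED     5678
  TCP    192.168.1.10:49200     93.184.216.34:443      ESTABLISHED     2000
  UDP    0.0.0.0:500            *:*                                    1100
"""

# proto, local addr:port, foreign addr:port, optional state (UDP has none), PID
NETSTAT_LINE = re.compile(
    r"^\s*(TCP|UDP)\s+(\S+):(\d+)\s+(\S+):(\S+)\s+(?:(\S+)\s+)?(\d+)\s*$")


def parse_netstat(text):
    """Turn netstat -ano text into a list of dicts, skipping headers/blank lines."""
    rows = []
    for line in text.splitlines():
        m = NETSTAT_LINE.match(line)
        if not m:
            continue
        proto, laddr, lport, raddr, rport, state, pid = m.groups()
        rows.append({"proto": proto, "laddr": laddr, "lport": int(lport),
                     "raddr": raddr, "rport": rport, "state": state, "pid": int(pid)})
    return rows


def loopback_peers(rows):
    """Return (server_pid, client_pid, server_port) for each established loopback TCP pair.

    Walks only from the side whose local endpoint is also LISTENING, so every
    connection is reported once and the server/client roles are unambiguous."""
    listening = {(r["laddr"], r["lport"]) for r in rows if r["state"] == "LISTENING"}
    est = [r for r in rows if r["proto"] == "TCP" and r["state"] == "ESTABLISHED"
           and r["laddr"].startswith("127.") and r["raddr"].startswith("127.")]
    by_local = {(r["laddr"], r["lport"]): r for r in est}
    pairs = set()
    for r in est:
        if (r["laddr"], r["lport"]) not in listening:
            continue
        peer = by_local.get((r["raddr"], int(r["rport"])))
        if peer is not None:
            pairs.add((r["pid"], peer["pid"], r["lport"]))
    return sorted(pairs)


def bpf_filter(server_port):
    """Capture filter for WinDump/tcpdump that isolates one loopback conversation."""
    return "host 127.0.0.1 and tcp port %d" % server_port


if __name__ == "__main__":
    for server_pid, client_pid, port in loopback_peers(parse_netstat(SAMPLE_NETSTAT)):
        print("PID %d (server) <-> PID %d (client) on port %d; filter: %s"
              % (server_pid, client_pid, port, bpf_filter(port)))
```

One caveat before reaching for WinDump: WinPcap, which WinDump and older Wireshark builds use, cannot capture the loopback interface at all, so on the Windows XP box in the question a localhost conversation found this way will not show up in a capture; Npcap on newer Windows provides a loopback adapter for exactly this. If netstat shows no loopback pair, the processes are using a pipe, a file or shared memory, and the tracer or debugger routes above are the ones to follow.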
