search

luigirizzo / netmap

Automatically exported from code.google.com/p/netmap
BSD 2-Clause "Simplified" License
1.85k stars 534 forks source link

Use wireshark together with netmap #810

Open ikreb7 opened 3 years ago

ikreb7 commented 3 years ago

I read that libpcap supports netmap and I could wireshark with netmap. But wireshark don't know the netmap interfaces. The command

 tshark -i vale0:0 -ci

returns

Capturing on 'vale0:0'
tshark: The capture session could not be initiated on interface 'vale0:0' (No such device exists).
Please check that you have the proper interface or pipe specified.
0 packets captured

Is this not possible? Do I something wrong?

jhk098 commented 3 years ago

Maybe you meant

$ tshark -i vale0:0 -c1

?

You can indeed use both tcpdump and tshark on netmap ports (e.g. -i netmap:eth0 or -i vale0:0), because the upstream libpcap project does support netmap. However, libpcap is built with netmap support only when building on a machine where netmap (likely the netmap headers) is installed. This is not the case for the libpcap packages that comes from your Linux distro, and that's why tshark is not working for you.

So what you need to do is to rebuild libpcap on your netmap host, and replace the library. At that point both tcpdump and tshark will start working as expected.