13 Apr
2018
13 Apr
'18
7:50 a.m.
Hi Emery,
Thanks for your suggestion to log the intercepted network packets in a pcap(ng) file. This could be a valuable extension to the nic_tap component.
I would recommend to use the proposed nic_tap component to deal with the interception and implement the pcap(ng) implementation in a dedicated component.
The proposed nic_tap component only duplicates intercepted packets to the 'tap' Nic client. Its purpose is to delegate further processing of the intercepted network packets to other components. For example to a guest running Linux and Wireshark, or to a component that writes pcap(ng) files to a storage location.
--
Met vriendelijke groet / kind regards,
Martijn Verschoor
Cyber Security Labs B.V. | Gooimeer 6-31 | 1411 DD Naarden | The Netherlands
+31 35 631 3253 (office) | +31 616 014 087 (mobile)
On 07-04-18 14:50, Emery Hemingway wrote:
> Hi Martijn,
>
> I had considered doing this, but didn't find enought time. I did some
> research though. The 'pcapng' is the file format to use if you want
> compatibility with wireshark. It is also the same format that QEMU
> outputs when used with the '-nic dump,file=...' option. The spec is
> pretty easy to understand: https://github.com/pcapng/pcapng
>
> I had started on a component, but I can't find any code. I don't
> remember getting very far, but I do remember using the pcapfix utility
> was helpful to see how bad my dumps were.
> http://f00l.de/pcapfix/
>
> Cheers,
> Emery
>
> On Thu, 5 Apr 2018 15:07:40 +0200
> Martijn Verschoor <verschoor@...434...> wrote:
>
>> Hi everyone,
>>
>> I would like to pitch an idea to improve network protocol debugging on
>> Genode.
>>
>> I value the verbosity option of the `nic_router` and the `nic_dump`
>> components, but sometimes I'd like the ability delve deeper into
>> packets, like I am used to with Wireshark. But extending the log based
>> network debugging in Genode to reach that level of detail clearly
>> doesn't make sense.
>>
>> Another option is to introduce an intercepting `nic_tap` component
>> that implements a bump-in-the-interface between a Nic client and a
>> Nic server and duplicates all packets between the client and the
>> server to a dedicated Nic tap interface. A Nic client connected to
>> the Nic tap interface is presented with all network packets, both up-
>> and downstream, of the intercepted Nic session.
>>
>> The nic_tap is especially useful when running on real hardware. There
>> are various ways to use the nic_tap. An obvious scenario is to setup
>> an instance of VirtualBox with Linux and Wireshark that is routed to
>> use the Nic tap. But it should also be possible to route the Nic tap
>> to an external Nic interface (granted that you have a solution to tie
>> two Nic clients together, but that’s easy enough).
>>
>> In my view the nic_tap would be a valuable and complementing addition
>> to the set of Genode network debugging tools.
>>
>> What do you think, would you benefit from such a component?
>>
>
>
>
> ------------------------------------------------------------------------------
> Check out the vibrant tech community on one of the world's most
> engaging tech sites, Slashdot.org! http://sdm.link/slashdot
>
>
>
> _______________________________________________
> genode-main mailing list
> genode-main@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/genode-main
>