Custom Search

SUBSCRIBE

SUBSCRIBE : 300 + Free Video Tutorials Programming (Python, golang, Julia), DevOps

Saturday, July 12, 2014

OpenStack neutron How to use tshark to capture packets from interface in the namespace

1)
Find all namespace
saju@ubuntu:~/openstack/devstack$ ip netns
qdhcp-2b42534a-b49f-45c4-9799-609978802299
qrouter-100af7f0-7d4c-4ece-bd58-22bfa09e1199

saju@ubuntu:~/openstack/devstack$
saju@ubuntu:~/openstack/devstack$

2)
Find all interfaces in the namespace "qdhcp-2b42534a-b49f-45c4-9799-609978802299"

saju@ubuntu:~/openstack/devstack$ sudo ip netns exec qdhcp-2b42534a-b49f-45c4-9799-609978802299 ifconfig
lo        Link encap:Local Loopback 
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:65536  Metric:1
          RX packets:1 errors:0 dropped:0 overruns:0 frame:0
          TX packets:1 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:576 (576.0 B)  TX bytes:576 (576.0 B)

tap9ba0e606-87 Link encap:Ethernet  HWaddr fa:16:3e:c3:b2:34 
          inet addr:10.0.0.3  Bcast:10.0.0.255  Mask:255.255.255.0
          inet6 addr: fe80::f816:3eff:fec3:b234/64 Scope:Link
          UP BROADCAST RUNNING  MTU:1500  Metric:1
          RX packets:239 errors:0 dropped:0 overruns:0 frame:0
          TX packets:156 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:18918 (18.9 KB)  TX bytes:14867 (14.8 KB)
saju@ubuntu:~/openstack/devstack$
saju@ubuntu:~/openstack/devstack$


3)
Capture the packets from the interface "tap9ba0e606-87" in the namespace "qdhcp-2b42534a-b49f-45c4-9799-609978802299" using tshark

saju@ubuntu:~/openstack/devstack$ sudo ip netns exec qdhcp-2b42534a-b49f-45c4-9799-609978802299 tshark -i tap9ba0e606-87
tshark: Lua: Error during loading:
 [string "/usr/share/wireshark/init.lua"]:46: dofile has been disabled due to running Wireshark as superuser. See http://wiki.wireshark.org/CaptureSetup/CapturePrivileges for help in running Wireshark as an unprivileged user.
Running as user "root" and group "root". This could be dangerous.
Capturing on 'tap9ba0e606-87'
  1   0.000000     10.0.0.4 -> 10.0.0.3     ICMP 98 Echo (ping) request  id=0x04cf, seq=39/9984, ttl=64
  2   0.000199     10.0.0.3 -> 10.0.0.4     ICMP 98 Echo (ping) reply    id=0x04cf, seq=39/9984, ttl=64 (request in 1)
  3   0.297269   172.24.4.1 -> 10.0.0.3     ICMP 98 Echo (ping) request  id=0x4fc0, seq=61/15616, ttl=63
3   4   0.297373     10.0.0.3 -> 172.24.4.1   ICMP 98 Echo (ping) reply    id=0x4fc0, seq=61/15616, ttl=64 (request in 3)
  5   0.985129 fa:16:3e:c3:b2:34 -> fa:16:3e:62:bc:9b ARP 42 Who has 10.0.0.4?  Tell 10.0.0.3
5   6   0.988952 fa:16:3e:62:bc:9b -> fa:16:3e:c3:b2:34 ARP 42 10.0.0.4 is at fa:16:3e:62:bc:9b
  7   1.003747     10.0.0.4 -> 10.0.0.3     ICMP 98 Echo (ping) request  id=0x04cf, seq=40/10240, ttl=64
  8   1.003868     10.0.0.3 -> 10.0.0.4     ICMP 98 Echo (ping) reply    id=0x04cf, seq=40/10240, ttl=64 (request in 7)
  9   1.297265   172.24.4.1 -> 10.0.0.3     ICMP 98 Echo (ping) request  id=0x4fc0, seq=62/15872, ttl=63
 10   1.297403     10.0.0.3 -> 172.24.4.1   ICMP 98 Echo (ping) reply    id=0x4fc0, seq=62/15872, ttl=64 (request in 9)
10  11   2.007664     10.0.0.4 -> 10.0.0.3     ICMP 98 Echo (ping) request  id=0x04cf, seq=41/10496, ttl=64
11 ^C 12   2.007810     10.0.0.3 -> 10.0.0.4     ICMP 98 Echo (ping) reply    id=0x04cf, seq=41/10496, ttl=64 (request in 11)
12
1 packet dropped
saju@ubuntu:~/openstack/devstack$















1 comment:

  1. https://community.rackspace.com/products/f/45/t/1789

    ReplyDelete