Hi Emery, Thanks for your suggestion to log the intercepted network packets in a pcap(ng) file. This could be a valuable extension to the nic_tap component.
I would recommend to use the proposed nic_tap component to deal with the interception and implement the pcap(ng) implementation in a dedicated component. The proposed nic_tap component only duplicates intercepted packets to the 'tap' Nic client. Its purpose is to delegate further processing of the intercepted network packets to other components. For example to a guest running Linux and Wireshark, or to a component that writes pcap(ng) files to a storage location. -- Met vriendelijke groet / kind regards, Martijn Verschoor Cyber Security Labs B.V. | Gooimeer 6-31 | 1411 DD Naarden | The Netherlands +31 35 631 3253 (office) | +31 616 014 087 (mobile) On 07-04-18 14:50, Emery Hemingway wrote: > Hi Martijn, > > I had considered doing this, but didn't find enought time. I did some > research though. The 'pcapng' is the file format to use if you want > compatibility with wireshark. It is also the same format that QEMU > outputs when used with the '-nic dump,file=...' option. The spec is > pretty easy to understand: https://github.com/pcapng/pcapng > > I had started on a component, but I can't find any code. I don't > remember getting very far, but I do remember using the pcapfix utility > was helpful to see how bad my dumps were. > http://f00l.de/pcapfix/ > > Cheers, > Emery > > On Thu, 5 Apr 2018 15:07:40 +0200 > Martijn Verschoor <versch...@nlcsl.com> wrote: > >> Hi everyone, >> >> I would like to pitch an idea to improve network protocol debugging on >> Genode. >> >> I value the verbosity option of the `nic_router` and the `nic_dump` >> components, but sometimes I'd like the ability delve deeper into >> packets, like I am used to with Wireshark. But extending the log based >> network debugging in Genode to reach that level of detail clearly >> doesn't make sense. >> >> Another option is to introduce an intercepting `nic_tap` component >> that implements a bump-in-the-interface between a Nic client and a >> Nic server and duplicates all packets between the client and the >> server to a dedicated Nic tap interface. A Nic client connected to >> the Nic tap interface is presented with all network packets, both up- >> and downstream, of the intercepted Nic session. >> >> The nic_tap is especially useful when running on real hardware. There >> are various ways to use the nic_tap. An obvious scenario is to setup >> an instance of VirtualBox with Linux and Wireshark that is routed to >> use the Nic tap. But it should also be possible to route the Nic tap >> to an external Nic interface (granted that you have a solution to tie >> two Nic clients together, but that’s easy enough). >> >> In my view the nic_tap would be a valuable and complementing addition >> to the set of Genode network debugging tools. >> >> What do you think, would you benefit from such a component? >> > > > > ------------------------------------------------------------------------------ > Check out the vibrant tech community on one of the world's most > engaging tech sites, Slashdot.org! http://sdm.link/slashdot > > > > _______________________________________________ > genode-main mailing list > genode-main@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/genode-main >
signature.asc
Description: OpenPGP digital signature
------------------------------------------------------------------------------ Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________ genode-main mailing list genode-main@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/genode-main
