libvirt users - Mar 2018 - Unable to libvirt wireshark dissector

Hi guys,
I am trying to analyze libvirt rpc protocol by wireshark. But I found
wireshark doesn't dissect libvirt packets. Here are my environments
operations:

1. Environments:
My system: Debian GNU/Linux buster/sid with *kernel-4.15.0-1-amd64*
Packages installed:


*libvirt0-4.1.0-2-amd64 libvirt-wireshark-4.1.0-2-amd64
wireshark-2.4.5-1-amd64*
2. Libvirt configurations
*/etc/libvirt/libvirtd.conf*:



*listen_tls = 0listen_tcp = 1tcp_port = "16509"auth_tcp =
"none"*

Libvirtd started with options


*--listen*
3. Check wireshark libvirt plugin:
Open menu: *Help* --> *About* *wireshark* --> *Plugins*. Libvirt plugin is
found:
*libvirt.so 4.1.0 dissector
/usr/lib/x86_64-linux-gnu/w…rk/plugins/2.4.5/libvirt.so*


4. Set wireshark listening on *lo* interface and filter as
'tcp.port==16509'. Execute virsh command via tcp protocol:
$ virsh -c qemu+tcp://localhost/system list

In wireshark, packets are parsed as TCP protocol. And I cannot find Libvirt
protocol in 'Decode as..' protocols list. And libvirt protocol is also
not
found in *Edit* --> *Preference* --> *Protocols*.

So it seems libvirt packets are not dissected as libvirt protocol in
wireshark. How can I use the wireshark libvirt plugin?
-- 
Best regards,
-----------------------------------
Han Han
Quality Engineer
Redhat.

Email: hhan@redhat.com
Phone: +861065339333 <+86%2010%206533%209333>

On 03/27/2018 08:41 AM, Han Han wrote:
> Hi guys,
> I am trying to analyze libvirt rpc protocol by wireshark. But I found
> wireshark doesn't dissect libvirt packets. Here are my environments
> operations:
> 
> 1. Environments:
> My system: Debian GNU/Linux buster/sid with *kernel-4.15.0-1-amd64*
> Packages installed:
> 
> 
> *libvirt0-4.1.0-2-amd64 libvirt-wireshark-4.1.0-2-amd64
> wireshark-2.4.5-1-amd64*
> 2. Libvirt configurations
> */etc/libvirt/libvirtd.conf*:
> 
> 
> 
> *listen_tls = 0listen_tcp = 1tcp_port = "16509"auth_tcp =
"none"*
> 
> Libvirtd started with options
> 
> 
> *--listen*
> 3. Check wireshark libvirt plugin:
> Open menu: *Help* --> *About* *wireshark* --> *Plugins*. Libvirt
plugin is
> found:
> *libvirt.so 4.1.0 dissector
> /usr/lib/x86_64-linux-gnu/w…rk/plugins/2.4.5/libvirt.so*
> 
> 
> 4. Set wireshark listening on *lo* interface and filter as
> 'tcp.port==16509'. Execute virsh command via tcp protocol:
> $ virsh -c qemu+tcp://localhost/system list
> 
> In wireshark, packets are parsed as TCP protocol. And I cannot find Libvirt
> protocol in 'Decode as..' protocols list. And libvirt protocol is
also not
> found in *Edit* --> *Preference* --> *Protocols*.
> 
> So it seems libvirt packets are not dissected as libvirt protocol in
> wireshark. How can I use the wireshark libvirt plugin?
This is weird. It's working for me. Looks like your libvirt plugin is
not loaded. If you build the wireshark plugin from libvirt.git and then
copy it to "~/.config/wireshark/plugins/libvirt.so" does it help?

Michal