Hello,
I have a setup with 5VMs running on the same virtual LAN. I'm able to capture the traffic associated on each machine using the options nictrace nictrafile on each machine, which leads to 5 different pcap files. If possible, I would like to capture all LAN traffic in a single pcap file in order to see properly the timing among packets from all different flows on the virtual LAN but I have not been able to figure out how to do it. Is there any way to do it or some workaround to achieve this?
Thanks in advance!!!!
VirtualBox Networking Traces
-
socratis
- Site Moderator
- Posts: 27329
- Joined: 22. Oct 2010, 11:03
- Primary OS: Mac OS X other
- VBox Version: PUEL
- Guest OSses: Win(*>98), Linux*, OSX>10.5
- Location: Greece
Re: VirtualBox Networking Traces
I don't know of anything intrinsic in VirtualBox, but a really, really quick search for "combine pcap files" shows as its first result that Wireshark supports that:
Have you tried it? Both searching and the Wireshark option?Sometimes you need to merge several capture files into one. For example, this can be useful if you have captured simultaneously from multiple interfaces at once (e.g. using multiple instances of Wireshark).
Do NOT send me Personal Messages (PMs) for troubleshooting, they are simply deleted.
Do NOT reply with the "QUOTE" button, please use the "POST REPLY", at the bottom of the form.
If you obfuscate any information requested, I will obfuscate my response. These are virtual UUIDs, not real ones.
Do NOT reply with the "QUOTE" button, please use the "POST REPLY", at the bottom of the form.
If you obfuscate any information requested, I will obfuscate my response. These are virtual UUIDs, not real ones.
Re: VirtualBox Networking Traces
Thanks for tip! It is interesting but as far as I understand, if the captures are not launched synchronously, the time references would be not the same for each file, which removes time information. Correct me if I'm wrong.
-
socratis
- Site Moderator
- Posts: 27329
- Joined: 22. Oct 2010, 11:03
- Primary OS: Mac OS X other
- VBox Version: PUEL
- Guest OSses: Win(*>98), Linux*, OSX>10.5
- Location: Greece
Re: VirtualBox Networking Traces
I don't know if you're right or if you're wrong, I've never tried it. I just looked at the problem as I would have to look at it if we were talking about physical computers.
Do NOT send me Personal Messages (PMs) for troubleshooting, they are simply deleted.
Do NOT reply with the "QUOTE" button, please use the "POST REPLY", at the bottom of the form.
If you obfuscate any information requested, I will obfuscate my response. These are virtual UUIDs, not real ones.
Do NOT reply with the "QUOTE" button, please use the "POST REPLY", at the bottom of the form.
If you obfuscate any information requested, I will obfuscate my response. These are virtual UUIDs, not real ones.
-
Perryg
- Site Moderator
- Posts: 34369
- Joined: 6. Sep 2008, 22:55
- Primary OS: Linux other
- VBox Version: OSE self-compiled
- Guest OSses: *NIX
Re: VirtualBox Networking Traces
It should be possible to monitor the guests traffic at the same time with wireshark if you set it to promiscuous mode and run on the host. In fact you probably will see all LAN traffic this way and then you can filter it down to what ever you want. Although it depends on the type of network mode you choose for the guests as well. Bridged would be the best choice unless you want to use host-only and just monitor the guests to host traffic. Keep in mind wireshark is outside the scope of this forum and you would need to ask them technical questions on the proper use of their product.