wireshark

Bob
I have had a share for a partition on my system for a while.  I access that
share from a system running in VirtualBox whenever I need it so it is not used
every day.

After an update to Ubuntu I can no longer access the share.  Since I do not
access the share very often I do not know if the update is the problem or not.

I am trying to use wireshark to trace the samba interaction to identify which
system is causing the problem.  I would like to just capture the packets on the
vboxnet0 interface but that is not an option in wireshark.  Does anyone know
how to trace just the vboxnet0 interface?

--
Robert Blair


The inherent vice of capitalism is the unequal sharing of the blessings.  The inherent blessing of socialism is the equal sharing of misery.  -- Winston Churchill

--
ubuntu-users mailing list
[hidden email]
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-users

Re: wireshark

Mike Marchywka
>
>________________________________________
>From: ubuntu-users <[hidden email]> on behalf of Bob <[hidden email]>
>Sent: Tuesday, April 9, 2019 2:02 AM
>To: Ubuntu Users
>Subject: wireshark
>
>I have had a share for a partition on my system for a while.  I access that
>share from a system running in VirtualBox whenever I need it so it is not used
>every day.
>
>After an update to Ubuntu I can no longer access the share.  Since I do not
>access the share very often I do not know if the update is the problem or not.
>
>I am trying to use wireshark to trace the samba interaction to identify which
>system is causing the problem.  I would like to just capture the packets on the
>vboxnet0 interface but that is not an option in wireshark.  Does anyone know
>how to trace just the vboxnet0 interface?

Since no one else has answered, and I'm curious what new command line tools
are available, I can suggest a few things. Try tcpdump or netstat and look for
specific ports or IP addresses depending on what you are doing. If you can
identify an interface with "ifconfig -a" that is good too. If you just run tcpdump
you can grep IIRC for port or IP or you could let it resolve numbers to names and
look for those too.  



Re: wireshark

Karl Auer
> > I would like to just capture the packets on the vboxnet0 interface
> > but that is not an option in wireshark.  Does anyone know how to
> > trace just the vboxnet0 interface?

You'll only see the VB interfaces if the VM has Host Only Networking (I
think).

As Mike suggested, you should be able to filter on the target IP
address or even the target MAC address.

I went to test this theory and found that VirtualBox on my system was
broken (https://www.virtualbox.org/ticket/18315), so sorry, this is
just supposition ATM. If I remember when I have VirtualBox fixed I'll
post what I find out...

Regards, K.

--
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Karl Auer ([hidden email])
http://www.biplane.com.au/kauer
http://twitter.com/kauer389

GPG fingerprint: 8D08 9CAA 649A AFEF E862 062A 2E97 42D4 A2A0 616D
Old fingerprint: A0CD 28F0 10BE FC21 C57C 67C1 19A6 83A4 9B0B 1D75




Re: wireshark

Karl Auer
> > I would like to just capture the packets on the vboxnet0
> > interface but that is not an option in wireshark.  Does anyone know
> > how to trace just the vboxnet0 interface?

OK, VB fixed. I have a virtual with a bridged interface. The VB
interfaces are not visible in ifconfig and not visible to Wireshark.
But by electing to capture on the interface that is bridging (in my
case wlan0) and filtering on the IP address of the VM, I see all
traffic to and from the VM, and no traffic that does not involve the
VM. More selective filtering is left as an exercise for the reader :-)

Regards, K.

--
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Karl Auer ([hidden email])
http://www.biplane.com.au/kauer
http://twitter.com/kauer389

GPG fingerprint: 8D08 9CAA 649A AFEF E862 062A 2E97 42D4 A2A0 616D
Old fingerprint: A0CD 28F0 10BE FC21 C57C 67C1 19A6 83A4 9B0B 1D75




Re: wireshark

Bob
** Reply to message from Karl Auer <[hidden email]> on Wed, 10 Apr 2019
01:29:35 +1000

> > > I would like to just capture the packets on the vboxnet0
> > > interface but that is not an option in wireshark.  Does anyone know
> > > how to trace just the vboxnet0 interface?
>
> OK, VB fixed. I have a virtual with a bridged interface. The VB
> interfaces are not visible in ifconfig and not visible to Wireshark.
> But by electing to capture on the interface that is bridging (in my
> case wlan0) and filtering on the IP address of the VM, I see all
> traffic to and from the VM, and no traffic that does not involve the
> VM. More selective filtering is left as an exercise for the reader :-)

I do not have a bridge listed in the interfaces on my system, I don't know if
this will make any difference.  I ran wireshark using the "any" link so that
should trace all interfaces wireshark knows about.  There were some entries
from the virtual machine but all of those were going out to the internet.
There were no trace entries that were only between the vm and Ubuntu.  I
suspect the vm interfaces are not exposed outside of VirtualBox, this surprised
me.  I am going to run a trace in the vm to see what is happening.

I did see some trace entries I did not like.  It appears that Ubuntu contacts a
google IP to test connectivity to the internet.  So now google can track my
travels wherever I go and I do not like that.  It is not enough that google
captures all the searches I do, now Ubuntu is helping by also giving them my
location even if I never use google.

--
Robert Blair


Talk is cheap...except when Congress does it.  -- Cullen Hightower


Re: wireshark

Karl Auer
On Tue, 2019-04-09 at 21:26 -0700, Bob wrote:
> I do not have a bridge listed in the interfaces on my system, I don't
> know if this will make any difference.

It's the method of networking your VM. Typically it is one of NAT,
Bridged or Host Only. If it's Bridged, you won't see an actual
interface of type "bridge" - but you will have specified the interface
to bridge with, i.e., one of the native interfaces on your Linux
system. That's the "bridge interface" I mean.

Unless your VM is running in "Host Only" mode, there is no virtual
interface for wireshark to capture. So you have to capture from an
interface that the VM's traffic transits, and filter on some attribute
of the VM's traffic, such as the VM's IP address.

OR run wireshark on the virtual - then it will definitely see the
interface :-)

Regards, K.

--
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Karl Auer ([hidden email])
http://www.biplane.com.au/kauer
http://twitter.com/kauer389

GPG fingerprint: 8D08 9CAA 649A AFEF E862 062A 2E97 42D4 A2A0 616D
Old fingerprint: A0CD 28F0 10BE FC21 C57C 67C1 19A6 83A4 9B0B 1D75
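
Added example, not part of the thread: the rule Karl describes above for where to capture, written as a shell function. It reads the output of `VBoxManage showvminfo <vm> --machinereadable` and prints a tcpdump command limited to the guest's Samba traffic; the function name `capture_plan`, the sample VM and the guest IP are assumptions made for illustration.

```sh
#!/bin/sh
# Added example (not from the thread). Reads the output of
#   VBoxManage showvminfo <vm> --machinereadable
# on stdin and prints a tcpdump command that captures only the guest's
# Samba traffic on the host interface that traffic actually crosses.

capture_plan() {
    vm_ip=$1       # guest IP address, looked up inside the guest (assumption)
    nic=${2:-1}    # VirtualBox adapter number (1 = first adapter)
    info=$(cat)

    # Print the value of a key="value" line from the dump.
    field() {
        printf '%s\n' "$info" | sed -n "s/^$1=\"\\(.*\\)\"\$/\\1/p" | head -n 1
    }

    case $(field "nic$nic") in
        hostonly) ifc=$(field "hostonlyadapter$nic") ;;  # e.g. vboxnet0
        bridged)  ifc=$(field "bridgeadapter$nic") ;;    # e.g. wlan0
        nat)
            # The guest address is translated before it reaches any host
            # interface, so filtering on it matches nothing on the host.
            echo "adapter $nic is NAT: capture inside the guest" >&2
            return 1 ;;
        *)
            echo "adapter $nic: no usable attachment found" >&2
            return 2 ;;
    esac
    [ -n "$ifc" ] || { echo "adapter $nic: interface name missing" >&2; return 2; }

    # SMB over TCP (445) plus the older NetBIOS session service (139).
    echo "tcpdump -n -i $ifc 'host $vm_ip and (tcp port 445 or tcp port 139)'"
}

# Constructed sample input: a bridged guest, as in Karl's test.
SAMPLE='name="testvm"
nic1="bridged"
bridgeadapter1="wlan0"
nic2="none"'

printf '%s\n' "$SAMPLE" | capture_plan 192.168.1.50
```

On a real host, feed it the live dump instead of the sample and run the printed command with root privileges.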




Re: wireshark

Little Girl
Hey there,

Bob wrote:

>I do not have a bridge listed in the interfaces on my system, I
>don't know if this will make any difference.  I ran wireshark using
>the "any" link so that should trace all interfaces wireshark knows
>about.  There were some entries from the virtual machine but all of
>those were going out to the internet. There were no trace entries
>that were only between the vm and Ubuntu.  I suspect the vm
>interfaces are not exposed outside of VirtualBox, this surprised me.
>I am going to run a trace in the vm to see what is happening.

I found this article really helpful in understanding the default
networking mode and the other available choices and how each behaves:

https://blogs.oracle.com/scoter/networking-in-virtualbox-v2

It's a couple of years old, but still applies. As a result of it,
I've been able to connect with my virtual machines in ways I hadn't
before. Hopefully you'll get something out of it, too.

--
Little Girl

There is no spoon.
