Hello, I'm setting up a test network with qemu and vde. I would like to be able to sniff traffic by running tcpdump on the host machine, by attaching tcpdump to one of the ports of an emulated vde_switch. (I'll configure vde_switch it to act as hub rather thna a switch if that's needed; not sure if there are other ways, like a second attach to port I'm really interested in, or some port-replication feature as found in some other switches).
I'd prefer to not have to route packets via some real network interfaces on the host computer, just to be able to sniff it. I've been searching for tools to do this, but I couldn't find anything. Ideally, I'd like to use something like vde_plug the-hub | tcpdump -r -, but vde_plug and tcpdump don't use the same format. I have looked briefly at the vde_pcapplug source code, but it appears it doesn't support pcap savefiles. I imagine it wouldn't be very hard to extend vde_pcapplug to be able to read and/or write pcap files, instead of working with a real network interface. But before I try that, I'd like to know if there's any other tool I should be using instead? Regards, /Niels -- Niels Möller. PGP-encrypted email is preferred. Keyid C0B98E26. Internet email is subject to wholesale government surveillance. ------------------------------------------------------------------------------ _______________________________________________ vde-users mailing list vde-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/vde-users