vdetcpcapture
vdetcpcapture captures packet data from a live VDE network and sends it in pcap format to TCP clients (such as wireshark or libpcap tools via the TCP@<IP>:<PORT> interface).
Get the source code, then from the root of the source tree run:
$ make
$ sudo make install
vdetcpcapture [options] VNL
-a addr : Address to bind to. Default ANY (tcp & vsock), capture.pcap (unix & abstract)
-p port : Port to listen on. Default 2002 (tcp & vsock)
-t t|v|u|a : Type of the server; either tcp (default), vsock, unix, abstract
-h : Display a short help message and exit
vdetcpcapture -a localhost vde:///tmp/hub
This command captures the packets received by the vde plug hub:///tmp/hub and sends them to TCP clients connected to localhost:2002 (e.g. wireshark -k -i TCP@[::1]:2002).
vdetcpcapture -t a
This command captures the packets received by the default vde switch /tmp/vde.ctl and sends them to clients connected to the abstract unix socket named capture.pcap.
Such a client can be Wireshark with the "extsocpcap" extcap plugin.
Note that with little coding effort, vdetcpcapture can use several types of sockets provided by the kernel (vsock, unix, abstract, as an alternative to tcp).
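A minimal client for the stream described above, as an added example that is not part of the vdetcpcapture source: it parses a pcap stream record by record, the way a TCP client of the localhost:2002 endpoint would receive it. It assumes the stream uses the classic libpcap file layout (24-byte global header, 16-byte record headers); the function names and the sample bytes are constructed for illustration.

```python
import io
import socket
import struct

MAGICS = {0xA1B2C3D4: 1_000_000, 0xA1B23C4D: 1_000_000_000}  # magic -> timestamp divisor

def read_exact(stream, n):
    """Read exactly n bytes, or return None if the peer closes first."""
    buf = b""
    while len(buf) < n:
        chunk = stream.read(n - len(buf))
        if not chunk:
            return None
        buf += chunk
    return buf

def parse_pcap_stream(stream, max_caplen=262144):
    """Yield (linktype, timestamp, orig_len, frame) per record of a pcap stream."""
    header = read_exact(stream, 24)
    if header is None:
        raise ValueError("stream ended before the pcap global header")
    for endian in ("<", ">"):  # the writer's byte order is detected from the magic
        magic = struct.unpack(endian + "I", header[:4])[0]
        if magic in MAGICS:
            break
    else:
        raise ValueError("not a pcap stream")
    linktype = struct.unpack(endian + "I", header[20:24])[0]
    while True:
        rec = read_exact(stream, 16)
        if rec is None:
            return  # connection closed between records
        sec, frac, caplen, origlen = struct.unpack(endian + "IIII", rec)
        if caplen > max_caplen:  # never trust a length field read off the network
            raise ValueError("implausible record length %d" % caplen)
        frame = read_exact(stream, caplen)
        if frame is None:
            return  # connection closed mid-record: drop the partial frame
        yield linktype, sec + frac / MAGICS[magic], origlen, frame

def capture_from(host="localhost", port=2002):
    # Assumed usage: a vdetcpcapture started as in the first example above.
    return parse_pcap_stream(socket.create_connection((host, port)).makefile("rb"))

def parse_bytes(data):
    return list(parse_pcap_stream(io.BytesIO(data)))

# Constructed sample: global header (linktype 1, Ethernet) plus one 14-byte frame.
SAMPLE = (struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
          + struct.pack("<IIII", 10, 500000, 14, 60) + bytes(range(14)))
```

Since the default bind address is ANY, starting the server with -a localhost as in the first example keeps the capture stream reachable only from the local host.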