I am trying to debug network communication which happens inside CentOS 7 KVM guest. This communication goes from localhost to localhost. I suppose, that all this traffic happens on local lo interface. Is there a recommended way how to sniff packets on this interface from host (preferably with Wireshark) such as redirecting them to network interface shared with host? Or is the only way to capture packets inside guest and then analyze them on host?
Asked
Active
Viewed 697 times
0
honza-kasik
- 111
- 1
-
The packets never leave the guest. What are you expecting? – Michael Hampton Aug 02 '18 at 11:46
-
@MichaelHampton Sorry, I probably wasn't clear enough. I am looking for a way to sniff these packets which won't leave the guest. So am I understanding, that the only way is to sniff inside the guest? I am asking, because I see it as an unnecessary overhead, trying to get working solution inside my guest, so I am looking for a way to access these packets from host... – honza-kasik Aug 02 '18 at 11:51
-
That seems obvious to me. The traffic wouldn't be accessible anywhere else. – Michael Hampton Aug 02 '18 at 11:53
-
OK, thanks, I was looking for an easy trick. I am not so familiar with virtualization and it seemed to me that there might be some. – honza-kasik Aug 02 '18 at 11:57
-
1From your perspective you should just treat them as distinct hosts, and if you need to communicate between them, use normal networking protocols such as IP. The whole point of virtualization is to create virtual machines which are virtually distinct from each other and from the hypervisor they run on. – Michael Hampton Aug 02 '18 at 11:59
-
Thank you very much! You are completely right. I created an answer based on your comments, feel free to edit it as you wish! – honza-kasik Aug 02 '18 at 12:06
1 Answers
1
No it's not. From my perspective, both (the host and the guest) should be looked at as separate hosts. All traffic is inside the KVM guest and the only way how to monitor it is sniffing inside the guest.
honza-kasik
- 111
- 1