I tried to run tshark on a CentOS 7 instance hosted in Google Cloud Platform. When we analyze the captured packets, they show only the internal IP of that server. Is there any way to get the external IP (we have a reserved public IP set up for the instance) while capturing packets in tshark?

Following is the command I tried:

```
sudo tshark -i eth0 -f 'host 121.120.1xx.2xx' -w /tmp/capture.pcap
```
Md Zubayer
Dileep K

1 Answer

No, you can't do that, because the external IPv4 address is not available to the virtual machine. It is translated with NAT somewhere outside the VM, so your VM does not see packets with the external IPv4 address. And you don't need to use it anyway.

Michael Hampton
  • One of our service providers is requesting that we run tshark with the external IP to verify the IP they are getting in their firewall. Is there any alternate way to achieve this? – Dileep K Nov 26 '18 at 10:12
  • Do you just want to verify that your external IP address is what you think it is? Hit an IP address service from your VM, such as my own addr.space service: `curl https://myip.addr.space/` This will tell you the external IP address that your outgoing traffic is actually using. – Michael Hampton Nov 26 '18 at 13:48
  • @DileepK If you have a support plan you can try asking Google for such a capture. But I guess it will be easier to explain to the other service provider that you only have access to the internal traffic. – kasperd Nov 27 '18 at 12:30
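
One way to hand the provider rows they can match against their firewall log, as an added example that is not part of the original answer or comments: capture by the provider's address, then rewrite the VM's internal address to the external one read from the GCE metadata server. The function names and sample addresses are constructed, and it assumes the external IP is mapped 1:1 to the interface with ports unchanged.

```shell
#!/bin/sh
# Added example; function names are hypothetical, not from the thread.

# Read one value for the first NIC from the GCE metadata server
# (reachable only from inside the VM).
gce_meta() {
    curl -s -H 'Metadata-Flavor: Google' \
        "http://metadata.google.internal/computeMetadata/v1/instance/network-interfaces/0/$1"
}

# Capture by the PROVIDER's address: the VM's own external address never
# appears on eth0, so filtering on it matches nothing.
capture_peer() {      # $1 = provider IP, $2 = output pcap
    sudo tshark -i eth0 -f "host $1" -w "$2"
}

# Emit tab-separated: epoch time, src IP, dst IP, src port, dst port.
pcap_fields() {       # $1 = pcap file
    tshark -r "$1" -Y tcp -T fields -e frame.time_epoch \
        -e ip.src -e ip.dst -e tcp.srcport -e tcp.dstport
}

# Rewrite the internal address to the external one in the src/dst columns,
# giving the view from outside the NAT (assumption: 1:1 NAT, ports kept).
as_seen_outside() {   # $1 = internal IP, $2 = external IP; rows on stdin
    awk -F '\t' -v OFS='\t' -v in_ip="$1" -v ex_ip="$2" '
        $2 == in_ip { $2 = ex_ip }
        $3 == in_ip { $3 = ex_ip }
        { print }'
}

# Constructed sample rows: internal 10.128.0.2, provider 198.51.100.7.
SAMPLE="$(printf '1543226000.1\t10.128.0.2\t198.51.100.7\t44321\t443\n1543226000.2\t198.51.100.7\t10.128.0.2\t443\t44321')"

# Typical use on the VM:
#   capture_peer 198.51.100.7 /tmp/capture.pcap
#   pcap_fields /tmp/capture.pcap |
#       as_seen_outside "$(gce_meta ip)" "$(gce_meta access-configs/0/external-ip)"
```

The rewritten rows carry the same timestamps and ports as the capture, so the provider can line them up with firewall entries for the external address.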