VIRL Live Packet Capture (Mac)

    Summary

    This script assists VIRL users when performing Live Packet Captures via VM Maestro or UWM. The script may be started prior to initiating the packet capture in the simulation, but a TCP port number in the range of 1025 - 65535 must be manually assigned to the script and to the Create Packet Capture dialog window. The current script version allows for multiple live captures running on unique TCP port numbers.

     

    NOTE:

    It is assumed that Wireshark has been installed in its default location.

     

    Running the Script

    ./mac_live_pcap.sh 10001

    IP address of VIRL Server: 172.16.30.200

    appending output to nohup.out

    _[]

    Wireshark will launch connected to your VIRL server (172.16.30.200), which has a Live Packet Capture running on port 10001. If traffic is passing on the interface, Wireshark should display the traffic 2 seconds after launch.

    To stop the capture, press the STOP button in the Wireshark window or press ctrl+c while the terminal window is in focus. You may start another capture simultaneously as long as the TCP port being used is unique.

     

    Creating and Using the Script

    1. Download script
    2. Open script using a text editor like Notepad or TextEdit
    3. Connect to VIRL PE via SSH and log in
          Username: virl
          Password:  VIRL
    4. Create a blank file named mac_live_pcap.sh using the following commands:
        vim mac_live_pcap.sh
          Press the letter i to insert text
          Paste the entire contents of the script into the new file
          Press the esc key to close edit mode
          Type : followed by the letter x to save and close the file
    5. Make script executable
        chmod u+x mac_live_pcap.sh
    6. Run script
        ./mac_live_pcap.sh
    7. Output file will be placed in home directory of the user virl
    8. Collect file and attach to support post

     

    **Take a look at the Other Logs section in How to: Collect Logs For VIRL Troubleshooting for other ways to add scripts to your VIRL server.

     

    Usage:

    ./mac_live_pcap.sh [port_number]
    Provide VIRL IP when prompted.

     

    To start another live capture, open a new terminal window or tab and run the script again. Remember that you must use a unique TCP port number for each live capture. A unique FIFO interface with the TCP port number is created for each live capture you start.

     

    Ex:
    ./mac_live_pcap.sh 10001
    IP address of VIRL Server: 172.16.30.200
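
    The port check and per-port FIFO described above, as an added sketch that is not the original mac_live_pcap.sh. The FIFO naming, the use of nc as the TCP client, the IPv4-only address check and the Wireshark.app path are assumptions.

```shell
#!/bin/sh
# Added sketch, not the original mac_live_pcap.sh. Assumed: FIFO naming,
# nc as the TCP client, IPv4-only server address, Wireshark.app path.
WIRESHARK="${WIRESHARK:-/Applications/Wireshark.app/Contents/MacOS/Wireshark}"
FIFO_DIR="${FIFO_DIR:-${TMPDIR:-/tmp}}"

# Accept only a plain decimal port in the documented range 1025-65535.
valid_port() {
  case "$1" in
    ''|0*|*[!0-9]*) return 1 ;;
  esac
  [ "${#1}" -le 5 ] && [ "$1" -ge 1025 ] && [ "$1" -le 65535 ]
}

# Accept only dotted-quad IPv4, so a prompt value starting with '-' is
# never passed to nc as an option.
valid_ipv4() {
  case "$1" in
    ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
  esac
  old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
  [ "$#" -eq 4 ] || return 1
  for octet in "$@"; do
    [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
  done
}

fifo_path() { printf '%s/virl_pcap_%s.fifo\n' "$FIFO_DIR" "$1"; }

# One owner-only FIFO per port; an existing one means that port is taken.
make_fifo() {
  fifo=$(fifo_path "$1")
  [ ! -e "$fifo" ] || { echo "port $1 already has a capture: $fifo" >&2; return 1; }
  mkfifo -m 600 "$fifo"
}

start_capture() {  # $1 = TCP port, $2 = VIRL server IP
  valid_port "$1" || { echo "port must be 1025-65535" >&2; return 2; }
  valid_ipv4 "$2" || { echo "not an IPv4 address: $2" >&2; return 2; }
  make_fifo "$1" || return 1
  trap 'rm -f "$fifo"' EXIT INT TERM       # remove the FIFO on stop or ctrl+c
  nohup "$WIRESHARK" -k -i "$fifo" &       # Wireshark reads packets from the FIFO
  nc "$2" "$1" > "$fifo"                   # stream the live capture into it
}

if [ "$#" -ge 1 ]; then                    # e.g. ./live_pcap_sketch.sh 10001
  printf 'IP address of VIRL Server: '; read -r ip
  start_capture "$1" "$ip"
fi
```

    Creating the FIFO with mode 600 keeps other local users from reading the captured traffic while it is being streamed.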

     

    Other Notes

    You may edit the script to statically assign your VIRL server's IP address for ease of use. When editing the script, make sure to use a text editor like Notepad or TextWrangler to ensure formatting is not altered. Instructions for statically assigning the VIRL host IP address are located in the script as in-line comments.

     

    Feel free to modify the script as needed and share your changes with the community!