Mixing lab.ext vdens vde_plug and wireshark ?

[chlohr]

Hello,
I have a vague idea in mind, and I might need a little help to clarify it...

1. Thanks to lab.ext it is possible to plug collision domains of the lab to network interfaces of the host.
2. I wonder if, with the help of vdens or its friends, it wouldn't be possible to create a network namespace specific to the user of the lab on the host, and in which one could create tap/vde interfaces?
3. Then, lab.ext could plug collision domains to them.
4. So that, wireshark (launched in this ns on the host) could collect packets of the lab in live, from the host...? Am I clear? ;-)

Does it make sense? Is it feasible? (and if so: how? ;-) )

Best regards

[tcaiazzi]

Dear @chlohr,

I believe this is feasible.

To attach a lab to a host interface, you can follow this tutorial: Communicating with the Host.

You likely only need to create dummy interfaces to connect to the collision domains you want to sniff. Then, you can use Wireshark on your host to capture traffic on those interfaces.

Here, you can find an example: wireshark-external.zip

Before running the network scenario, you need to create a dummy0 interface on the host.

ip link add dummy0 type dummy

After this, you can start the network scenario:

sudo kathara lstart

(sudo is mandatory when using external)

At this point, you can connect the Wireshark on your host on dummy0 and sniff the traffic.

Try pinging from pc1 to pc2:

ping 10.0.0.2

You should see the ping on Wireshark.

However, if you only need to use Wireshark inside a lab (without interacting with several labs), you can leverage the official Wireshark container, as explained in this tutorial:
[Capturing Packets](https://github.com/KatharaFramework/Kathara-Labs/tree/main/tutorials/capture-packets).

This setup exposes the Wireshark GUI on the host, making it accessible via a browser.

Let me know if this helps or if I can assist you further.

Thanks!

[chlohr]

Many thanks @tcaiazzi,
that's exactly what I'm trying to do... or almost... ;-)
In fact, I'm looking for a rootless solution (usable by students on PCs of the university); no sudo or similar

This is why I'm looking at the concept of network namespaces.
So, starting by 'vdens' seems to help:

$ vdens
$ ip link add dummy0 type dummy
$ ip link set dummy0 up
$ wireshark -i dummy0 &

Then, kathara could start the lab and connect the collision domain to my local dummy0... but unfortunately, it complains about not been start in sudo, despite this should not be necessary in this case: "CRITICAL (PrivilegeError) You must be root in order to use lab.ext file."
Possibly, the extra tests could be removed from the code, or kathara could propose an additional option to force it, isn't it?

Best regards

[tcaiazzi]

Dear @chlohr,

Sorry for the late reply. I made some attempts to achieve a working configuration, but unfortunately, the Kathará network plugin needs root privileges for making the connection between the Kathará collision domain and the host interface. So it is not possible to avoid using sudo for running network scenario that leverages on external.

Let me know if I can help further!

[chlohr]

Dear @tcaiazzi,
Thank you very much for your efforts.
It's a shame, I need a rootless solution for hands-on activities on the university computers.
Well, I'll keep looking.
Best regards

[chlohr]

Hello,
May I propose an alternative scenario: instead of using lab.ext and vde_ext, let's use vdecapture !
From inside the network plugin, let's plug vdecapture to its vde_switch/hub
This captures packets and produce a pcap file.
But this file could be a named pipe, shared with the host (via /hosttmp/katharanp/ or another way)
So that, simple users on the host can get captured packet of the collision domain via this pipe (wireshark -k -i /tmp/katharanp/fifo.pcap)
Do I make myself clear?
Okay, so there are potentially a few details to work out... but does this idea make sense?

Best regards

[tcaiazzi]

Dear @chlohr,

Apologies for the delay! I suspect the issue might be the same as before: plugging vdecapture requires entering the namespace, which in turn requires root privileges.

That said, your use case isn’t entirely clear to me. Why not use the official wireshark container, as suggested above? It allows you to capture packets within a lab while exposing the Wireshark GUI on a host port, making it accessible via a browser. Plus, it doesn’t require root privileges.

If you only need to use Wireshark inside a lab (without interacting with multiple labs), you can leverage the official Wireshark container, as explained in this tutorial:
Capturing Packets

Let me know if you need further clarification!

[chlohr]

Dear @tcaiazzi,
You guessed right! I'm still on my mind...

vdecapture has to be plugged from inside the VM which manage the collision domain, as vde_ext does.
Before that, one has to create a fifo, a named pipe.
And one can then give reading right on this file for any user.
So the fifo (created and populated by root on the VM) is usable by users on the host.
It's easier to manage permissions on file rather on network interfaces ;-)
I tried it by hand, it works.

I know the official Wireshark container.
It's a good and elegant solution, with one big advantage: it already works. ;-)
But I am not very comfortable with this solution in an educational context.
First: This is not the usual way to use Wireshark. Wireshark is not a web app. I don't want to teach this.
Then: this implies to distrub the lab, with an extra machine, with additionnal networks links, etc.

This is why I'm looking for alternatives, if feasible ;-)

Best regards