show how to use wireshark from the host to capture network traffic from a vm

2025-06-06 07:12:40 +00:00 · 2025-06-06 07:12:40 +00:00 · 8ac67e7ac5
parent 144cd7368b
commit 8ac67e7ac5
2 changed files with 25 additions and 0 deletions
--- a/README.md
+++ b/README.md
@ -50,6 +50,15 @@ You can also login with one of the example accounts, e.g. `alice.doe` and passwo
 **NB** nginx is setup with a self-signed certificate that you have to trust before being
 able to access the local Nexus home page.

+## Network Packet Capture
+
+You can easily capture and see traffic from the host with the `wireshark.sh`
+script, e.g., to capture the traffic from the `lo` interface:
+
+```bash
+./wireshark.sh nexus lo
+```
+
 # Notes

 ## Check for a component existence
--- a/wireshark.sh
+++ b/wireshark.sh
@ -0,0 +1,16 @@
+#!/bin/bash
+set -euox pipefail
+
+vm_name=${1:-nexus}; shift || true
+interface_name=${1:-lo}; shift || true
+
+mkdir -p shared
+vagrant ssh-config $vm_name >shared/$vm_name-ssh-config.conf
+exec wireshark \
+    -o "gui.window_title:$vm_name $interface_name" \
+    -k \
+    -d 'tcp.port==6001,http' \
+    -d 'tcp.port==6002,http' \
+    -d 'tcp.port==6003,http' \
+    -d 'tcp.port==8081,http' \
+    -i <(ssh -F shared/$vm_name-ssh-config.conf $vm_name "sudo tcpdump -s 0 -U -n -i $interface_name -w - not port 22")