show how to use wireshark from the host to capture network traffic from a vm

README.md

@@ -29,9 +29,9 @@ This will:
 
 # Usage
 
-Build and install the [Ubuntu 22.04 Base Box](https://github.com/rgl/ubuntu-vagrant).
+Build and install the [Ubuntu 22.04 UEFI Base Box](https://github.com/rgl/ubuntu-vagrant).
 
-Build and install the [Windows 2022 Base Box](https://github.com/rgl/windows-vagrant).
+Build and install the [Windows 2022 UEFI Base Box](https://github.com/rgl/windows-vagrant).
 
 Add the following entry to your `/etc/hosts` file:
 
@@ -50,6 +50,15 @@ You can also login with one of the example accounts, e.g. `alice.doe` and passwo
 **NB** nginx is setup with a self-signed certificate that you have to trust before being
 able to access the local Nexus home page.
 
+## Network Packet Capture
+
+You can easily capture and see traffic from the host with the `wireshark.sh`
+script, e.g., to capture the traffic from the `lo` interface:
+
+```bash
+./wireshark.sh nexus lo
+```
+
 # Notes
 
 ## Check for a component existence
@@ -136,7 +145,7 @@ You can also access the database cli shell as:
 sudo su -l                            # switch to the root user.
 systemctl stop nexus                  # make sure nexus is not running while you use the database.
 su -s /bin/bash nexus                 # switch to the nexus user.
-nexus_home=/opt/nexus/nexus-3.75.1-01 # make sure you have the correct version here.
+nexus_home=/opt/nexus/nexus-3.79.1-04 # make sure you have the correct version here.
 nexus_data="$(realpath $nexus_home/../sonatype-work/nexus3)"
 function h2-shell {
   java \

Vagrantfile

@@ -21,7 +21,7 @@ Vagrant.configure(2) do |config|
   end
 
   config.vm.define :nexus do |config|
-    config.vm.box = 'ubuntu-22.04-amd64'
+    config.vm.box = 'ubuntu-22.04-uefi-amd64'
     config.vm.hostname = nexus_domain
     config.vm.network 'private_network', ip: nexus_ip
     config.vm.provider :libvirt do |lv, config|
@@ -48,7 +48,7 @@ Vagrant.configure(2) do |config|
   end
 
   config.vm.define :windows do |config|
-    config.vm.box = 'windows-2022-amd64'
+    config.vm.box = 'windows-2022-uefi-amd64'
     config.vm.network 'private_network', ip: '192.168.56.4'
     config.vm.provider :libvirt do |lv, config|
       config.vm.synced_folder '.', '/vagrant', type: 'smb', smb_username: ENV['USER'], smb_password: ENV['VAGRANT_SMB_PASSWORD']

hello-world-pypi-package/requirements.txt

@@ -1,34 +1,34 @@
 backports.tarfile==1.2.0
 build==1.2.2.post1
-certifi==2024.8.30
+certifi==2025.4.26
 cffi==1.17.1
-charset-normalizer==3.4.0
-cryptography==44.0.0
+charset-normalizer==3.4.2
+cryptography==45.0.3
 docutils==0.21.2
+id==1.5.0
 idna==3.10
-importlib_metadata==8.5.0
+importlib_metadata==8.7.0
 jaraco.classes==3.4.0
 jaraco.context==6.0.1
 jaraco.functools==4.1.0
-jeepney==0.8.0
-keyring==25.5.0
+jeepney==0.9.0
+keyring==25.6.0
 markdown-it-py==3.0.0
 mdurl==0.1.2
-more-itertools==10.5.0
-nh3==0.2.19
-packaging==24.2
-pkginfo==1.12.0
+more-itertools==10.7.0
+nh3==0.2.21
+packaging==25.0
 pycparser==2.22
-Pygments==2.18.0
+Pygments==2.19.1
 pyproject_hooks==1.2.0
 readme_renderer==44.0
 requests==2.32.3
 requests-toolbelt==1.0.0
 rfc3986==2.0.0
-rich==13.9.4
+rich==14.0.0
 SecretStorage==3.3.3
 tomli==2.2.1
-twine==6.0.1
-typing_extensions==4.12.2
-urllib3==2.2.3
-zipp==3.21.0
+twine==6.1.0
+typing_extensions==4.14.0
+urllib3==2.4.0
+zipp==3.22.0

provision/npm-login.js

@@ -2,7 +2,7 @@ var RegistryClient = require('npm-registry-client');
 
 var client = new RegistryClient({});
 
-// see https://github.com/npm/npm-registry-client/blob/v8.5.0/lib/adduser.js
+// see https://github.com/npm/npm-registry-client/blob/v8.6.0/lib/adduser.js
 client.adduser(
   process.env.NPM_REGISTRY,
   {

provision/provision-docker.sh

@@ -2,7 +2,7 @@
 set -euxo pipefail
 
 # see https://github.com/moby/moby/releases
-docker_version="${1:-24.0.5}"; shift || true
+docker_version="${1:-28.2.2}"; shift || true
 registry_proxy_domain="${1:-$(hostname --fqdn)}"; shift || true
 # NB as-of docker 19.03.8, there is still no way to specify a registry mirror credentials,
 #    as such, we cannot use our docker-group registry, instead we must use the docker-proxy
@@ -22,12 +22,12 @@ apt-get update
 # install docker.
 # see https://docs.docker.com/engine/installation/linux/docker-ce/ubuntu/#install-using-the-repository
 apt-get install -y apt-transport-https software-properties-common
-wget -qO- https://download.docker.com/linux/ubuntu/gpg | apt-key add -
-add-apt-repository "deb [arch=amd64] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable"
+wget -qO- https://download.docker.com/linux/ubuntu/gpg | gpg --dearmor -o /etc/apt/keyrings/download.docker.com.gpg
+echo "deb [arch=amd64 signed-by=/etc/apt/keyrings/download.docker.com.gpg] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable" >/etc/apt/sources.list.d/docker.list
 apt-get update
 apt-cache madison docker-ce
-docker_version="$(apt-cache madison docker-ce | awk "/$docker_version[~-]/{print \$3}")"
-apt-get install -y "docker-ce=$docker_version" "docker-ce-cli=$docker_version" containerd.io
+docker_package_version="$(apt-cache madison docker-ce | awk "/$docker_version/{print \$3}")"
+apt-get install -y "docker-ce=$docker_package_version" "docker-ce-cli=$docker_package_version" containerd.io
 
 # configure it.
 systemctl stop docker
@@ -35,6 +35,9 @@ cat >/etc/docker/daemon.json <<'EOF'
 {
     "experimental": false,
     "debug": false,
+    "features": {
+        "buildkit": true
+    },
     "log-driver": "journald",
     "labels": [
         "os=linux"
@@ -63,3 +66,6 @@ usermod -aG docker vagrant
 ctr version
 docker version
 docker info
+docker network ls
+ip link
+bridge link

provision/provision-dotnet-sdk.sh

@@ -1,10 +1,14 @@
 #!/bin/bash
 set -euxo pipefail
 
-# pin the microsoft apt repository above the distro.
+# opt-out of telemetry.
+echo 'export DOTNET_CLI_TELEMETRY_OPTOUT=1' >/etc/profile.d/opt-out-dotnet-cli-telemetry.sh
+source /etc/profile.d/opt-out-dotnet-cli-telemetry.sh
+
+# pin the microsoft apt repository packages above the distro ones.
 # see apt-cache policy
-# see apt-cache policy dotnet-sdk-6.0
-# see apt-cache showpkg dotnet-sdk-6.0
+# see apt-cache policy dotnet-sdk-8.0
+# see apt-cache showpkg dotnet-sdk-8.0
 # see http://manpages.ubuntu.com/manpages/jammy/en/man5/apt_preferences.5.html
 cat >/etc/apt/preferences.d/packages.microsoft.com.pref <<'EOF'
 Package: *
@@ -12,18 +16,14 @@ Pin: origin "packages.microsoft.com"
 Pin-Priority: 999
 EOF
 
-# opt-out of telemetry.
-echo 'export DOTNET_CLI_TELEMETRY_OPTOUT=1' >/etc/profile.d/opt-out-dotnet-cli-telemetry.sh
-source /etc/profile.d/opt-out-dotnet-cli-telemetry.sh
-
 # install the dotnet core sdk.
-# see https://docs.microsoft.com/en-us/dotnet/core/install/linux-ubuntu
+# see https://learn.microsoft.com/en-us/dotnet/core/install/linux-ubuntu
 wget -qO packages-microsoft-prod.deb "https://packages.microsoft.com/config/ubuntu/$(lsb_release -s -r)/packages-microsoft-prod.deb"
 dpkg -i packages-microsoft-prod.deb
 rm packages-microsoft-prod.deb
 apt-get install -y apt-transport-https
 apt-get update
-apt-get install -y dotnet-sdk-6.0
+apt-get install -y dotnet-sdk-8.0
 
 # show versions.
 dotnet --info

provision/provision-nexus.sh

@@ -35,17 +35,17 @@ pushd /opt/nexus
 # see https://help.sonatype.com/repomanager3/product-information/download/download-archives---repository-manager-3
 # see https://help.sonatype.com/repomanager3/product-information/release-notes
 # see https://help.sonatype.com/repomanager3
-nexus_version=3.75.1-01
+nexus_version=3.79.1-04
 nexus_home=/opt/nexus/nexus-$nexus_version
-nexus_tarball=nexus-$nexus_version-unix.tar.gz
+nexus_tarball=nexus-$nexus_version-linux-x86_64.tar.gz
 nexus_download_url=https://download.sonatype.com/nexus/3/$nexus_tarball
-nexus_download_sha1=cfc9e7bdaeb1f1b9fb45aecc7a50821759c8b847
+nexus_download_sha256='048b5b588fcb337576f47e1cf8e89fb59273406b6b0789e90eb8f58726754115'
 wget -q $nexus_download_url
-if [ "$(sha1sum $nexus_tarball | awk '{print $1}')" != "$nexus_download_sha1" ]; then
+if [ "$(sha256sum $nexus_tarball | awk '{print $1}')" != "$nexus_download_sha256" ]; then
     echo "downloaded $nexus_download_url failed the checksum verification"
     exit 1
 fi
-tar xf $nexus_tarball # NB this creates the $nexus_home (e.g. nexus-3.75.1-01) and sonatype-work directories.
+tar xf $nexus_tarball # NB this creates the $nexus_home (e.g. nexus-3.79.1-04) and sonatype-work directories.
 rm $nexus_tarball
 install -d -o nexus -g nexus -m 700 .java # java preferences are saved here (the default java.util.prefs.userRoot preference).
 install -d -o nexus -g nexus -m 700 sonatype-work/nexus3/etc
@@ -110,7 +110,7 @@ apt-get install -y --no-install-recommends httpie
 apt-get install -y --no-install-recommends jq
 
 # wait for nexus to come up.
-bash -c "while [[ \"\$(wget -qO- https://$nexus_domain/service/extdirect/poll/rapture_State_get | jq -r .data.data.status.value.edition)\" != 'OSS' ]]; do sleep 5; done"
+bash -c "while [[ \"\$(wget -qO- https://$nexus_domain/service/extdirect/poll/rapture_State_get | jq -r .data.data.status.value.edition)\" != 'COMMUNITY' ]]; do sleep 5; done"
 
 # print the version using the API.
 wget -qO- https://$nexus_domain/service/extdirect/poll/rapture_State_get | jq --raw-output .data.data.uiSettings.value.title
@@ -167,6 +167,24 @@ bash /vagrant/provision/execute-provision.groovy-script.sh
 api_auth="admin:admin"
 
 
+# accept the End User License Agreement (EULA).
+# see https://links.sonatype.com/products/nxrm3/docs/ce-onboarding.
+eula_disclaimer="$(http \
+    --check-status \
+    --auth "$api_auth" \
+    GET \
+    https://$nexus_domain/service/rest/v1/system/eula \
+    | jq -r .disclaimer)"
+http \
+    --check-status \
+    --auth "$api_auth" \
+    --ignore-stdin \
+    POST \
+    https://$nexus_domain/service/rest/v1/system/eula \
+    accepted=true \
+    disclaimer="$eula_disclaimer"
+
+
 # create the adhoc-package raw repository.
 # NB this repository can host any type of artifact, so we disable strictContentTypeValidation.
 # see https://help.sonatype.com/display/NXRM3/Raw+Repositories+and+Maven+Sites#RawRepositoriesandMavenSites-UploadingFilestoHostedRawRepositories

provision/provision-nexus/Makefile

@@ -17,7 +17,7 @@ binaries: binaries-download
 
 binaries-download:
 	mkdir -p binaries
-	wget -qO- https://download.sonatype.com/nexus/3/nexus-3.75.1-01-unix.tar.gz \
+	wget -qO- https://download.sonatype.com/nexus/3/nexus-3.79.1-04-unix.tar.gz \
 		| tar xzf - --strip-components 1 -C binaries
 
 clean:

provision/provision-nexus/pom.xml

@@ -8,7 +8,7 @@
   <version>1.0-SNAPSHOT</version>
 
   <properties>
-    <nx-version>3.75.1-01</nx-version>
+    <nx-version>3.79.1-04</nx-version>
   </properties>
   <dependencies>
     <dependency>

provision/provision-resize-disk.sh

@@ -6,9 +6,20 @@ partition_number="$(echo "$partition_device" | perl -ne '/(\d+)$/ && print $1')"
 disk_device="$(echo "$partition_device" | perl -ne '/(.+?)\d+$/ && print $1')"
 
 # resize the partition table.
+# Warning: Not all of the space available to /dev/sda appears to be used, you can fix the GPT to use all of the space (an extra 50331648 blocks) or continue with the current setting?
+# Fix/Ignore? Fix
+# Partition number? 2
+# Warning: Partition /dev/sda2 is being used. Are you sure you want to continue?
+# Yes/No?
+# Yes
+# End?  [8589MB]?
+# 100%
 parted ---pretend-input-tty "$disk_device" <<EOF
 resizepart $partition_number 100%
-yes
+Fix
+$partition_number
+Yes
+100%
 EOF
 
 # resize the file system.

provision/use-docker-repository.sh

@@ -61,17 +61,17 @@ EOF
 cat >go.mod <<'EOF'
 module example.com/go-hello
 
-go 1.20
+go 1.24.3
 EOF
 cat >Dockerfile <<'EOF'
-FROM golang:1.20-bullseye as builder
+FROM golang:1.24.3-bookworm as builder
 WORKDIR /app
 COPY go.* main.go ./
 RUN CGO_ENABLED=0 go build -ldflags="-s"
 
 # NB we use the buster-slim (instead of scratch) image so we
 #    can enter the container to execute bash etc.
-FROM debian:bullseye-slim
+FROM debian:bookworm-slim
 COPY --from=builder /app/go-hello .
 WORKDIR /
 EXPOSE 8000

provision/use-maven-repository-from-gradle.sh

@@ -12,7 +12,7 @@ cd tmp/use-maven-repository-from-gradle
 
 # download and install gradle.
 # see https://gradle.org/releases/
-gradle_version='8.2.1'
+gradle_version='8.14.2'
 if [ ! -f /opt/gradle/gradle-$gradle_version/bin/gradle ]; then
     apt-get install -y unzip
     wget -qO/tmp/gradle-$gradle_version-bin.zip https://services.gradle.org/distributions/gradle-$gradle_version-bin.zip
@@ -35,8 +35,8 @@ cat >settings.gradle <<'EOF'
 rootProject.name = 'gradle-greeter'
 EOF
 cat >build.gradle <<'EOF'
-// see https://docs.gradle.org/8.2.1/userguide/java_library_plugin.html
-// see https://docs.gradle.org/8.2.1/userguide/maven_plugin.html
+// see https://docs.gradle.org/8.14.2/userguide/java_library_plugin.html
+// see https://docs.gradle.org/8.14.2/userguide/maven_plugin.html
 
 plugins {
     id 'java-library'
@@ -46,8 +46,10 @@ plugins {
 group = 'com.example'
 version = '1.0.0'
 
-sourceCompatibility = 1.8
-targetCompatibility = 1.8
+java {
+    sourceCompatibility = JavaVersion.VERSION_17
+    targetCompatibility = JavaVersion.VERSION_17
+}
 
 jar {
     manifest {
@@ -67,7 +69,7 @@ publishing {
 
     repositories {
         maven {
-            url System.env.NEXUS_REPOSITORY_URL
+            url = System.env.NEXUS_REPOSITORY_URL
             credentials {
                 username = System.env.NEXUS_REPOSITORY_USERNAME
                 password = System.env.NEXUS_REPOSITORY_PASSWORD
@@ -100,26 +102,27 @@ cat >settings.gradle <<'EOF'
 rootProject.name = 'gradle-greeter-application'
 EOF
 cat >build.gradle <<EOF
-// see https://docs.gradle.org/8.2.1/userguide/java_plugin.html
-// see https://docs.gradle.org/8.2.1/userguide/application_plugin.html
-// see http://imperceptiblethoughts.com/shadow/
+// see https://docs.gradle.org/8.14.2/userguide/java_plugin.html
+// see https://docs.gradle.org/8.14.2/userguide/application_plugin.html
+// see https://gradleup.com/shadow/
+// see https://github.com/GradleUp/shadow
 
 plugins {
     id 'application'
-    id 'com.github.johnrengelman.shadow' version '8.1.1'
+    id 'com.gradleup.shadow' version '8.3.6'
 }
 
 group = 'com.example'
 version = '1.0.0'
 
-mainClassName = 'Greet'
-
 application {
-    mainClass = project.mainClassName
+    mainClass = 'Greet'
 }
 
-sourceCompatibility = 17
-targetCompatibility = 17
+java {
+    sourceCompatibility = JavaVersion.VERSION_17
+    targetCompatibility = JavaVersion.VERSION_17
+}
 
 jar {
     manifest {
@@ -132,7 +135,7 @@ jar {
 
 repositories {
     maven {
-        url 'https://$nexus_domain/repository/maven-public'
+        url = 'https://$nexus_domain/repository/maven-public'
     }
 }
 

provision/use-npm-repository.sh

@@ -13,7 +13,7 @@ mkdir -p tmp/use-npm-repository && cd tmp/use-npm-repository
 
 # install node LTS.
 # see https://github.com/nodesource/distributions#debinstall
-curl -sL --fail --show-error https://deb.nodesource.com/setup_18.x | bash
+curl -sL --fail --show-error https://deb.nodesource.com/setup_22.x | bash
 apt-get install -y nodejs
 node --version
 npm --version

provision/use-nuget-repository.sh

@@ -68,7 +68,7 @@ dotnet nuget list source
 cat >example-hello-world.csproj <<'EOF'
 <Project Sdk="Microsoft.NET.Sdk">
   <PropertyGroup>
-    <TargetFramework>net6.0</TargetFramework>
+    <TargetFramework>net8.0</TargetFramework>
     <Version>1.0.0</Version>
     <Authors>Alice Doe</Authors>
     <Copyright>Copyleft Alice Doe</Copyright>
@@ -82,7 +82,7 @@ cat >example-hello-world.csproj <<'EOF'
     </NuspecProperties>
   </PropertyGroup>
   <ItemGroup>
-    <PackageReference Include="Serilog" Version="3.0.1" />
+    <PackageReference Include="Serilog" Version="4.3.0" />
   </ItemGroup>
 </Project>
 EOF
@@ -127,7 +127,7 @@ cat >test.csproj <<'EOF'
 <Project Sdk="Microsoft.NET.Sdk">
   <PropertyGroup>
     <OutputType>Exe</OutputType>
-    <TargetFramework>net6.0</TargetFramework>
+    <TargetFramework>net8.0</TargetFramework>
   </PropertyGroup>
 </Project>
 EOF
@@ -159,7 +159,7 @@ EOF
 dotnet nuget list source
 dotnet add package example-hello-world
 # see https://www.nuget.org/packages/Serilog.Sinks.Console/
-dotnet add package Serilog.Sinks.Console --version 4.1.0
+dotnet add package Serilog.Sinks.Console --version 6.0.0
 dotnet build -v=n -c=Release
 dotnet publish -v=n -c=Release --no-build --output dist
 ./dist/test

provision/windows/use-npm-repository.ps1

@@ -29,7 +29,8 @@ Set-Location tmp/use-npm-repository
 # see https://docs.npmjs.com/cli/adduser
 
 # install node LTS.
-choco install -y nodejs-lts
+# see https://community.chocolatey.org/packages/nodejs-lts
+choco install -y nodejs-lts --version 22.16.0
 Import-Module C:\ProgramData\chocolatey\helpers\chocolateyInstaller.psm1
 Update-SessionEnvironment
 node --version

wireshark.sh

@@ -0,0 +1,16 @@
+#!/bin/bash
+set -euox pipefail
+
+vm_name=${1:-nexus}; shift || true
+interface_name=${1:-lo}; shift || true
+
+mkdir -p shared
+vagrant ssh-config $vm_name >shared/$vm_name-ssh-config.conf
+exec wireshark \
+    -o "gui.window_title:$vm_name $interface_name" \
+    -k \
+    -d 'tcp.port==6001,http' \
+    -d 'tcp.port==6002,http' \
+    -d 'tcp.port==6003,http' \
+    -d 'tcp.port==8081,http' \
+    -i <(ssh -F shared/$vm_name-ssh-config.conf $vm_name "sudo tcpdump -s 0 -U -n -i $interface_name -w - not port 22")