jjgre.blogg.se

Wireshark capture localhost traffic

I know this thread is a bit old but I think this might help some of you:

If your kernel allows it, capturing the network traffic of a single process is very easily done by running the said process in an isolated network namespace and using wireshark (or other standard networking tools) in the said namespace as well.

The setup might seem a bit complex, but once you understand it and become familiar with it, it will ease your work so much.

Create a test network namespace:

    ip netns add test

Create a pair of virtual network interfaces (veth-a and veth-b):

    ip link add veth-a type veth peer name veth-b

Change the active namespace of the veth-a interface:

    ip link set veth-a netns test

Configure the IP addresses of the virtual interfaces:

    ip netns exec test ifconfig veth-a up 192.168.163.1 netmask 255.255.255.0
    ifconfig veth-b up 192.168.163.254 netmask 255.255.255.0

Configure the routing in the test namespace:

    ip netns exec test route add default gw 192.168.163.254 dev veth-a

Activate ip_forward and establish a NAT rule to forward the traffic coming in from the namespace you created (you have to adjust the network interface and SNAT ip address):

    echo 1 > /proc/sys/net/ipv4/ip_forward
    iptables -t nat -A POSTROUTING -s 192.168.163.0/24 -o <interface> -j SNAT --to-source <ip-address>

(You can also use the MASQUERADE rule if you prefer)

Finally, you can run the process you want to analyze in the new namespace, and wireshark too:

    ip netns exec test thebinarytotest

You'll have to monitor the veth-a interface.

To properly capture localhost traffic on a Windows server, it is necessary to use a tool such as c, which is specially made to capture Windows localhost traffic.









