Packetcapturing
Packet capturing can help to trace packets through the network and analyze communication streams.
ToMaTo supports capturing of packets on connections on Tinc-based connectors. Capturing can be enabled in the GraphicalEditor in the properties panels of the connections. The captured packets are saved to a rotating set of files holding at most 50 MB of data. The capture files can be downloaded by clicking the "download capture" button in the control panel of the connection. ToMaTo can currently only capture all packets on a connection; it cannot apply filters. (See issue #10)
The timestamps in the capture files do not exactly correspond to the time the packet was sent in the virtual machine, since scheduling might introduce a delay. However, each timestamp is guaranteed to lie between the time of sending and the time of forwarding to the connection.
Also note that timestamps from different hosts might have a certain offset, depending on how well the clocks of the hosts are synchronized. In the German-Lab testbed, no actions are currently taken to synchronize the clocks among the hosts. (See issue #11)
ToMaTo generates capture files in the pcap format. When downloaded from the hosts, multiple capture files are packed into a tar.gz archive.
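The following added example (not part of ToMaTo) reads such a tar.gz archive in memory, parses every classic pcap file in it, and merges the packets of the rotated files into one timestamp-ordered list. It assumes the files are classic pcap rather than pcapng, and the `offset` parameter is a hypothetical per-host clock correction that you have measured yourself.

```python
import struct
import tarfile

# First 4 bytes of a classic pcap file -> (struct byte order, timestamp fraction per second)
MAGICS = {
    b"\xd4\xc3\xb2\xa1": ("<", 10**6),  # little-endian, microseconds
    b"\xa1\xb2\xc3\xd4": (">", 10**6),  # big-endian, microseconds
    b"\x4d\x3c\xb2\xa1": ("<", 10**9),  # little-endian, nanoseconds
    b"\xa1\xb2\x3c\x4d": (">", 10**9),  # big-endian, nanoseconds
}

def parse_pcap(buf):
    """Yield (timestamp as float seconds, original length, captured bytes) per record."""
    if len(buf) < 24 or buf[:4] not in MAGICS:
        raise ValueError("not a classic pcap file")
    order, frac = MAGICS[buf[:4]]
    pos = 24  # skip the 24-byte global header
    while pos + 16 <= len(buf):
        sec, sub, incl, orig = struct.unpack_from(order + "IIII", buf, pos)
        pos += 16
        if pos + incl > len(buf):
            break  # truncated final record, e.g. a file that was cut off mid-write
        yield sec + sub / frac, orig, buf[pos:pos + incl]
        pos += incl

def merge_archive(archive, offset=0.0):
    """Return (timestamp + offset, member name, original length, bytes), sorted by time."""
    opener = {"name": archive} if isinstance(archive, str) else {"fileobj": archive}
    packets = []
    with tarfile.open(mode="r:gz", **opener) as tar:
        for member in tar:
            if not member.isfile():
                continue  # ignore directories, links and device entries
            data = tar.extractfile(member).read()  # read in memory, nothing written to disk
            try:
                for ts, orig, pkt in parse_pcap(data):
                    packets.append((ts + offset, member.name, orig, pkt))
            except ValueError:
                continue  # member is not a pcap file
    packets.sort(key=lambda p: p[0])
    return packets
```

When comparing captures from two hosts, call `merge_archive` once per archive with that host's offset and sort the combined result again.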
The capture files created by ToMaTo can be used by many different programs:
- Wireshark - a graphical pcap explorer and analysis tool
- Cloudshark - a web-based pcap explorer with a similar UI to Wireshark
- tcpreplay - a Linux tool to replay pcap files