It seems, that I have turned off all encryption for tcp in libvirt.conf, but still rpc packets are not showed, only tcp. I suppose, that I don't need to add additional plugins to wirehark for libvirt and rpc, am I right?

2017-04-21 11:23 GMT+03:00 Daniel P. Berrange <berrange@redhat.com>:
On Fri, Apr 21, 2017 at 10:16:47AM +0300, Anastasiya Ruzhanskaya wrote:
> Hello,
> I have some questions about libvirt remote connection.
> Am I right that internally libvirt uses only tcp ( ssh and tls are only
> encryption based on this) + ftp ( when working with image itself)? Also I
> have found that  it uses RPC. However, as I know RPC runs above tcp but I
> cannot capture these packets with wireshark when I am connecting remotely
> to the host with vm? Is it somehow possible to find out, what data, what
> messages, in what format are send from my server to the remote libvirt
> (daemon I suppose?)?

Libvirt uses a custom RPC protocol running above a number of different
transports (TCP with SASL, TCP with TLS, SSH tunnel, etc, etc). Libvirt
ships a wireshark plugin that can be used to analyse the network stream
but you would have to turn off all authentication and use plain TCP
to be able to see it otherwise it'll be encrypted and wireshark won;t
see anything


Regards,
Daniel
--
|: https://berrange.com      -o-    https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org         -o-            https://fstop138.berrange.com :|
|: https://entangle-photo.org    -o-    https://www.instagram.com/dberrange :|