Packet Captures in VIRL


Packet capturing in VIRL is not entirely intuitive, so this brief guide will outline how this is done.



Before beginning, make sure you have installed:

  • A current version of Wireshark
  • The VM Maestro client



Capturing Packets

Start the Topology

  1. Open the VM Maestro client
  2. Open a topology, or build a new one
  3. Start the simulation
  4. Wait for the simulation to start completely



Start the Capture

  1. Decide which interface(s) to capture traffic on
  2. In the simulation view, left-click the link on which the packet capture should run
    1. Notice that the interface ends of the link appear, as shown below
  3. Right-click the interface on which the packet capture should run. Go to Packet Captures, then Create New
  4. In the Create Packet Capture window, set the options as required, or leave them at their defaults. Click OK
  5. The icon on the interface will change to show that the capture is running


VIRL PacketCapture Link  


VIRL PacketCapture Create New  


VIRL PacketCapture Options  


VIRL PacketCapture Running  



Retrieve the Capture

  1. Perform whatever tests you need to generate the traffic you want to capture
  2. When ready, right-click the interface the capture is running on, go to Packet Captures, then go to the capture that is running, and click Download
  3. Select a location to download to, and click OK
  4. When the Open Packet Capture dialog box appears, click Yes to view the packet capture
  5. The capture will automatically open in Wireshark


VIRL PacketCapture Download  


VIRL PacketCapture Open  



Review all Running Captures

  1. In the toolbar, click Window -> Show View -> Packet Captures
  2. The Packet Capture view will appear in the bottom window pane, showing all running captures
  3. From here, captures can be downloaded, deleted, or 'revealed' in the simulation viewer




Twitter: @NetwrkDirection


Last update 2017-08-29 09:34