action #109211
open[qe-core] test fails in wireshark - Wireshark test needs to be simplified
0%
Description
Observation¶
This test is executing a lot of steps testing the UI, but causes failures which in this case, when the mouse was moved, the copy menu was selected (for some weird reason)
Also the module is doing a full blown installation, when it could boot from HDD.
Dee proposed that we could do features and functionalities of Wireshark via console, and verify that the app really can be started, from the GUI point of view...
I have checked with Vit, and his feeling is that it is ok to proceed with the change.
Updated by szarate over 2 years ago
- Copied from action #98814: [qe-core] test fails in wireshark - Wireshark test needs to be simplified added
Updated by szarate over 2 years ago
- Category changed from Bugs in existing tests to Refactor/Code Improvements
Updated by szarate over 2 years ago
- Checklist item Dee to draft a plan how the Wireshark tests can be rewritten added
- Tags set to qe-core-april-sprint
- Description updated (diff)
- Start date deleted (
2022-03-30)
Updated by szarate over 2 years ago
- Sprint set to QE-Core: April Sprint (Apr 13 - May 11)
Updated by dvenkatachala over 2 years ago
We can use tshark , a command-line interface for Wireshark, that supports similar options to capture packet data from live connections, to write the packets to a file and to read/verify packets from a previously saved capture file.
Below are the test steps,
1. Capture packets:¶
Start capture via terminal using the tshark command in the background (and also generate the DNS request traffic in the current test) and save the captured data in a file.
for e.g., Command : tshark -i ens3 -f "port 53" -w /tmp/capture.pcap
In the above tshark command, “-i” option begins the capture process from ens3 interface; capture filter "-f" option captures packets from ports 53 only and "-w" options saves
the captured traffic to a file.
2. Verify the capture:¶
Read the specific captured packet in the saved file by passing the display filter (option "-Y") and verify the packet count. If the packet count is non-zero then proceed to
verify the required field value.
for e.g., Dns request packet count: tshark -r /tmp/capture.pcap -Y "dns.a && dns.qry.name== www.suse.com" | wc -l
then we can use options “-T field” and "-e" to extract fields as per our choice. see command usage below,
command : tshark -r /tmp/capture.pcap -Y "dns.a && dns.qry.name== www.suse.com" -T fields -e "dns.qry.name" -e "dns.qry.type"
Updated by dvenkatachala over 2 years ago
Santiago, should I go with the above steps to modify the current wireshark test? please confirm.
Updated by szarate over 2 years ago
- Description updated (diff)
Hey Dee! as mentioned over Slack, capturing USB is something to have too, other than that, we're good to go
Updated by dvenkatachala over 2 years ago
- Status changed from Workable to In Progress
As per our discussion, next step is to capture USB traffic.
USB capture traffic can be done with below steps,
- To dump USB traffic on Linux, you need the usbmon kernel module. If it is not loaded yet, run this command as root:
- modprobe usbmon
- Run >lsusb and take a note of which bus the device connects.
- List the interfaces available on the system by running command. Run > tcpdump -D
- Now initiate the capture on the interface of USB bus X noted from step 2.
- start and save the capture by running command: tshark -i "usbmonX" -w /tmp/capture_usb.pcap
@santiago, Can we discuss one more time regarding capture and parsing of USB traffic.
Updated by dvenkatachala over 2 years ago
- Status changed from In Progress to Feedback
Updated by szarate over 2 years ago
- Sprint deleted (
QE-Core: April Sprint (Apr 13 - May 11))
Updated by slo-gin 9 months ago
This ticket was set to Normal priority but was not updated within the SLO period. Please consider picking up this ticket or just set the ticket to the next lower priority.
Updated by mgrifalconi 3 days ago
- Assignee deleted (
dvenkatachala) - Target version changed from QE-Core: Ready to future