action #109211
open
[qe-core] test fails in wireshark - Wireshark test needs to be simplified
Added by szarate over 2 years ago.
Updated 8 months ago.
Category:
Refactor/Code Improvements
Description
Observation
This test executes a lot of steps testing the UI, but causes failures; in this case, when the mouse was moved, the copy menu was selected (for some weird reason).
Also, the module is doing a full-blown installation, when it could boot from HDD.
Dee proposed that we could do features and functionalities of Wireshark via console, and verify that the app really can be started, from the GUI point of view...
I have checked with Vit, and his feeling is that it is ok to proceed with the change.
- Copied from action #98814: [qe-core] test fails in wireshark - Wireshark test needs to be simplified added
- Description updated (diff)
- Category changed from Bugs in existing tests to Refactor/Code Improvements
- Description updated (diff)
- Sprint set to QE-Core: April Sprint (Apr 13 - May 11)
- Status changed from New to Workable
- Assignee set to dvenkatachala
We can use tshark, a command-line interface for Wireshark, that supports similar options to capture packet data from live connections, to write the packets to a file and to read/verify packets from a previously saved capture file.
Below are the test steps:
1. Capture packets:
Start the capture via terminal using the tshark command in the background (and also generate the DNS request traffic in the current test) and save the captured data in a file.
E.g., command: tshark -i ens3 -f "port 53" -w /tmp/capture.pcap
In the above tshark command, the "-i" option begins the capture process from the ens3 interface; the capture filter "-f" option captures packets from port 53 only and the "-w" option saves the captured traffic to a file.
2. Verify the capture:
Read the specific captured packet in the saved file by passing the display filter (option "-Y") and verify the packet count. If the packet count is non-zero, then proceed to verify the required field value.
E.g., DNS request packet count: tshark -r /tmp/capture.pcap -Y "dns.a && dns.qry.name== www.suse.com" | wc -l
Then we can use the options "-T fields" and "-e" to extract fields of our choice. See the command usage below:
Command: tshark -r /tmp/capture.pcap -Y "dns.a && dns.qry.name== www.suse.com" -T fields -e "dns.qry.name" -e "dns.qry.type"
Santiago, should I go with the above steps to modify the current wireshark test? Please confirm.
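The capture and verification steps from the comment above, sketched as shell helpers. This is an added example, not part of the ticket or of the openQA test code. The function names, the 10-second default capture duration and the sample data are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: helper names and sample data are hypothetical.

# Capture DNS traffic for a bounded time so a test run cannot hang.
# $1 = interface (e.g. ens3), $2 = output pcap, $3 = seconds (assumed default 10)
capture_dns() {
    tshark -i "$1" -f "port 53" -a "duration:${3:-10}" -w "$2"
}

# Print dns.qry.name and dns.qry.type, tab-separated, one line per packet.
# $1 = pcap file, $2 = query name (quoted inside the display filter)
dump_dns_fields() {
    tshark -r "$1" -Y "dns.a && dns.qry.name == \"$2\"" \
        -T fields -e dns.qry.name -e dns.qry.type
}

# Read "-T fields" output on stdin and check every line.
# $1 = expected query name, $2 = expected numeric query type (1 = A record)
# Prints the number of matching packets. Exit status: 0 = all lines match,
# 1 = no packets at all, 2 = at least one line has another name or type.
verify_dns_fields() {
    awk -F '\t' -v qname="$1" -v qtype="$2" '
        NF == 0 { next }                          # ignore blank lines
        $1 != qname || $2 != qtype { bad++; next }
        { ok++ }
        END {
            print ok + 0
            if (bad > 0) exit 2
            if (ok == 0) exit 1
        }'
}

# Constructed sample of dump_dns_fields output: two A-record answers.
SAMPLE_OK=$(printf 'www.suse.com\t1\nwww.suse.com\t1\n')
# Constructed sample with an unexpected AAAA (type 28) line mixed in.
SAMPLE_BAD=$(printf 'www.suse.com\t1\nwww.suse.com\t28\n')
```

In a test run, the output of dump_dns_fields would be piped into verify_dns_fields, so an empty capture and a capture with unexpected records fail with different exit codes instead of both showing up as a bare count from wc -l.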
- Description updated (diff)
Hey Dee! As mentioned over Slack, capturing USB is something to have too; other than that, we're good to go.
- Status changed from Workable to In Progress
As per our discussion, the next step is to capture USB traffic.
USB traffic capture can be done with the steps below:
- To dump USB traffic on Linux, you need the usbmon kernel module. If it is not loaded yet, run this command as root:
- Run > lsusb and take note of which bus the device connects to.
- List the interfaces available on the system by running the command: tcpdump -D
- Now initiate the capture on the interface of USB bus X noted from step 2.
- Start and save the capture by running the command: tshark -i "usbmonX" -w /tmp/capture_usb.pcap
@santiago, can we discuss one more time regarding capture and parsing of USB traffic?
- Status changed from In Progress to Feedback
- Sprint deleted (QE-Core: April Sprint (Apr 13 - May 11))
This ticket was set to Normal priority but was not updated within the SLO period. Please consider picking up this ticket or just set the ticket to the next lower priority.