PacketCapturing
Packet capturing can help to trace packages through the network and analyze communication streams.
ToMaTo supports capturing of packets on connections on Tinc-based connectors. The capturing can be enabled in the editor in the properties of the connection. The captured packets are saved to a rotating set of files holding at most 50 MB of data. The capture files can be downloaded by clicking the "download capture" button in the control panel of the connection, or can be viewed via CloudShark. Alternatively, captures can be configured to be live-viewable by WireShark. In this case, the Editor will give advice how to set it up in its right-click menu.
Capturing can be set up to filter packets to capture. Filter expressions are described in the pcap man page
The timestamp in the capture files do not exactly correspond with the time of sending the packet in the virtual machine since the scheduling might introduce a delay. However the timestamp is guaranteed to be between the time of sending and the time of the forwarding to the connection.
Also note that hosts (which are distributed over multiple continents) may have a clock offset to each other, which is usually below 1s.
ToMaTo generates capture files in the pcap format. When downloaded from the hosts multiple capture files are packed into a tar.gz archive.
The capture files created by ToMaTo can be used by a lot different programs:
- Wireshark - a graphical pcap explorer an analysis tool
- Cloudshark - a web-based pcp explorer with a similar UI to Wireshark
- tcpreplay - a Linux tool to replay pcap files