Today, I was wondering how I can trace the incoming and outgoing network traffic of a vagrant box as early as possible.

I use Vagrant with VirtualBox as provider for my virtual machines. Diving into the Vagrant documentation, I found how to configure a specific provider here.

To be sure to understand how provider configuration in Vagrant works, let’s take the example given in the documentation apart:

Vagrant.configure("2") do |config|

# ...



config.vm.provider "virtualbox" do |vb|

vb.customize ["modifyvm", :id, "--cpuexecutioncap", "50"]

end

end

Barely, this closure will helps us to configure the Vagrant box described by the Vagrantfile. The within loop config.vm.provider "virtualbox" do |vb| will be executed only if the provider is Virtualbox. The following line is nothing more than a call to the VboxManage utility. VboxManage is the command-line interface for VirtualBox. It helps to control VirtualBox from the command-line of the host operating system. For more information about VBoxManage please follow this link.

The parameters given to vb.customize are ["modifyvm", :id, "--cpuexecutioncap", "50"] which is an array where:

modifyvm changes the properties of a registered virtual machine which is not running.

:id is replaced with the ID of the virtual machine being created.

--cupexecutioncap controls how much CPU time a virtual CPU can use.

50 implies a single virtual CPU can use up to 50% of a single host CPU.

Now, we knows how to interact with VboxManage inside a Vagrantfile. By looking closely to the VboxManage modifyvm documentation page. I found the nictrace option. With this option we must be able to trace network traffic by dumping it into a file. This option must be always followed by the nictracefile option. Which specify the absolute path of the file the trace must be logged to.

With those informations, we can build a Vagrantfile to trace the network traffic.

Vagrant.configure("2") do |config|

# ...



config.vm.provider "virtualbox" do |vb|

vb.customize ["modifyvm", :id, "--nictrace1", "on"]

vb.customize ["modifyvm", :id, "--nictracefile1", "dump.pcap"]

end

end

Note: the number right after each interfaces specify which interface we wants to trace.

Now, we can run the Vagrant box by using the vagrant up command. Then, if we take a look in the directory where the Vagrantfile is, we notice a just created dump.pcap file.

$ ls -l dump.pcap Vagrantfile

-rw------- 1 boinc boinc 282722 Apr 21 15:07 dump.pcap

-rw-r--r-- 1 boinc boinc 2982 Apr 21 15:05 Vagrantfile

We can now open the pcap file with Wireshark and do our networking debug !