Edgeshark

Edgeshark discovers the virtual communication on container hosts and can provide live capture with Wireshark with a single click. The capture function requires the installation of the cshargextcap Wireshark plugin. The plugin repository provides detailed installation instructions for multiple platforms.

Warning

As of December 2025, the cshargextcap plugin does not work with Wireshark release 4.6; use Wireshark 4.4 instead.

Add the following lines to a lab topology file to use Edgeshark with netlab:

tools:
  edgeshark:

Notes:

• Edgeshark can capture traffic on virtual interfaces but not on libvirt point-to-point tunnels (more details).

• A single instance of Edgeshark can discover the virtual communication of all labs running on your server.

• If you use the multilab plugin, enable Edgeshark in a single (preferably dedicated) lab instance.

• The Edgeshark containers will be stopped when the netlab lab instance that started them is shut down.

• Edgeshark works with a subset of netlab-supported platforms. netlab does not check whether Edgeshark supports all the devices used in the lab topology.