Linux netlink (netlink)
Linux netlink is a communication channel between Linux kernel space and user space. [To be extended].
The netlink socket interface appeared in Linux kernel 2.2.
The netlink dissector is fully functional, although not all netlink families are dissected.
The netlink dissector has no preference settings.
A complete list of netlink display filter fields can be found in the display filter reference.
Show only the netlink based traffic:
You cannot directly filter netlink protocols while capturing.
libnl Netlink Protocol Library Suite.
RFC 3549 Linux Netlink as an IP Services Protocol - The use of netlink for IP Services.
- This page needs to be extended with:
- how to set up a capture point (# modprobe nlmon; ip link add type nlmon; ip link set nlmon0 up)
- what family members there are (rtnetlink, netfilter, generic netlink, ...)
- what generic netlink family members there are and how to learn them ($ genl-ctrl-list)
- what net_dm is for (# dropwatch -l kas)
- what taskstats is for (# iotop)
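
The following is an added example, not part of the original wiki page or of Wireshark's code: a small Python decoder for one frame as captured on an nlmon device, showing where the family (rtnetlink, netfilter, generic netlink) and the netlink message header sit in the bytes. The function name `decode_frame` and the sample frame are constructed for illustration, and little-endian host byte order is assumed for the message header.

```python
import struct

# Netlink family numbers from <linux/netlink.h> (subset).
FAMILIES = {0: "rtnetlink (NETLINK_ROUTE)", 12: "netfilter (NETLINK_NETFILTER)",
            16: "generic netlink (NETLINK_GENERIC)"}
# Control message types shared by all families, plus three rtnetlink types.
CONTROL_TYPES = {1: "NLMSG_NOOP", 2: "NLMSG_ERROR", 3: "NLMSG_DONE", 4: "NLMSG_OVERRUN"}
RTNL_TYPES = {16: "RTM_NEWLINK", 17: "RTM_DELLINK", 18: "RTM_GETLINK"}
FLAGS = {0x001: "REQUEST", 0x002: "MULTI", 0x004: "ACK", 0x100: "ROOT", 0x200: "MATCH"}
ARPHRD_NETLINK = 824
COOKED_LEN = 16    # LINKTYPE_NETLINK pseudo-header in front of the messages
NLMSGHDR_LEN = 16  # struct nlmsghdr: len, type, flags, seq, pid


def decode_frame(frame: bytes, byteorder: str = "<"):
    """Decode one nlmon frame into (family_name, [message dicts])."""
    if len(frame) < COOKED_LEN:
        raise ValueError("frame shorter than cooked header")
    # Cooked header is big-endian: packet type, ARPHRD type, 10 pad bytes, family.
    _pkttype, hatype, family = struct.unpack("!HH10xH", frame[:COOKED_LEN])
    if hatype != ARPHRD_NETLINK:
        raise ValueError(f"not a netlink frame (ARPHRD {hatype})")
    names = dict(CONTROL_TYPES)
    if family == 0:
        names.update(RTNL_TYPES)
    msgs, off = [], COOKED_LEN
    while off + NLMSGHDR_LEN <= len(frame):
        # struct nlmsghdr is stored in the capturing host's byte order.
        length, mtype, flags, seq, pid = struct.unpack_from(byteorder + "IHHII", frame, off)
        if length < NLMSGHDR_LEN or off + length > len(frame):
            raise ValueError(f"bad nlmsg_len {length} at offset {off}")
        msgs.append({
            "type": names.get(mtype, f"type {mtype}"),
            "flags": [n for bit, n in FLAGS.items() if flags & bit],  # GET-request meanings
            "seq": seq, "pid": pid,
            "payload": frame[off + NLMSGHDR_LEN: off + length],
        })
        off += (length + 3) & ~3  # NLMSG_ALIGN: next header starts on a 4-byte boundary
    return FAMILIES.get(family, f"family {family}"), msgs


# Constructed sample: RTM_GETLINK dump request with a 1-byte rtgenmsg payload and padding.
SAMPLE = (struct.pack("!HH10xH", 4, ARPHRD_NETLINK, 0)
          + struct.pack("<IHHII", 17, 18, 0x301, 1, 4242) + b"\x00" + b"\x00" * 3)

if __name__ == "__main__":
    print(decode_frame(SAMPLE))
```
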