Server :: Getting Error Before Running Wireshark
Jan 25, 2011
The error is as follows:
kernel: Uhhuh. NMI received for unknown reason 3c on CPU 0.
kernel: Do you have a strange power saving mode enabled?
kernel: Dazed and confused, but trying to continue
Oct 11, 2010
I'm running behind a 2wire NAT Router with only smtp, www, pop3 open, routing to my ubuntu VM server. Network also includes three other ubuntu VM servers and a Desktop. I'm the only one on the network so my question is, what security risk is there running Wireshark as root? Because running it under dumpcap is horrible after you quit. It hogs up all the resources to remove the dump.
Sep 25, 2010
So you have to run Wireshark as root to see the interfaces, which I'm OK with, but a message says that this is dangerous. I am just wondering WHY this is dangerous? I mean I know sudo gives complete read write access to the system but what I am wondering is why is that BAD for Wireshark? What could potentially happen? Can someone expand on this?
Nov 11, 2010
I'm trying to install Wireshark but getting an error: GTK-Warning **:cannot open display.. Does anyone have instructions on how to install Wireshark?
Jan 4, 2011
I'm trying to install Wireshark but I have this message :
"configure: error: Header file pcap.h not found; if you installed libpcap from source, did you also do "make install-incl", and if you installed a binary package of libpcap, is there also a developer's package of libpcap and did you also install that package?"
I tried to use #yum -y install wireshark but it didn't work.
Jul 8, 2011
I am trying to use Wireshark and on startup the program pops up a window saying:
Couldn't run /usr/sbin/dumpcap in child process: Permission denied
Are you member of 'wireshark' group? Try running 'usermod -a -G wireshark <username>' as root.
I ran the usermod command to add my account in the group and checked it
Code:
less /etc/group
wireshark:x:490:myaccount
but the same error message pops up.
Jan 6, 2011
I'm using Fedora9. I cannot start wireshark or tcpdump because of the lib dependency error:
Code:
[root@localhost ~]# wireshark
wireshark: error while loading shared libraries: libpcap.so.0.9: cannot open shared object file: No such file or directory
I updated libpcap before and the latest version is libpcap.so.1.1. I changed the version because of another application but I cannot remember when I did it, perhaps on Sep.11?
Code:
[root@localhost lib]# ll |grep libpcap
-rw-r--r-- 1 root root 309670 2010-09-11 08:10 libpcap.a
lrwxrwxrwx 1 root root 12 2010-09-11 08:10 libpcap.so -> libpcap.so.1
lrwxrwxrwx 1 root root 14 2010-09-11 08:10 libpcap.so.1 -> libpcap.so.1.1
-rwxr-xr-x 1 root root 243207 2010-09-11 08:10 libpcap.so.1.1
So I tried
Code:
ln -s libpcap.so.1.1 libpcap.so.0.9
but it doesn't work.
Jun 18, 2009
My data center informed me that my shared web hosting server is producing a massive attack. Attack against who? how? etc?... well.. other than "your server is generating an attack of over 150,000 UDP connections", they did not specify the target IP, nor the specific port. The attacks usually run for less than 5 minutes and pose a threat on the datacenter's firewall itself (from within).
I ran various searches on my server and came up with nothing. (over 300 websites with PHP in 25GB of data, database etc).
I do not allow any shell/bash other than myself, so no other logins are available. (I re-checked /etc/passwd for any bash).
I believe that there is probably some php fsckopen call or something to that degree that responds to a call from an external server. To make it easier to diagnose the problem and then stopping it, I need your assistance developing a simple tracing tool, methodology.
I have wireshark installed on the server.
My thoughts on how to capture this attack (which occurs at random) are as follows:
1. Run a service that greps and counts the UDP connections currently on the server and does this every 60 seconds (a simple one-minute cron is enough).
netstat -a |grep UDP -cw
2. Currently the output shows: 0 (zero).
3. I do run a DNS server that can be queried, so I expect to see some UDP calls every so often. However, this is probably going to occur at < 50 entries.
4. Run this logic if no high loads on the server.
If servers load is < 3.00
{
    If ( netstat -a |grep UDP -cw ) > 50
    {
        ./tshark > wireshark.hacker.trace<timestamp>.txt;
        email me an alert that "hey wireshark was triggered";
        sleep (15)
        killall -9 tshark
    }
}
Jul 2, 2010
I am getting this error while running in RHEL 5.3: -bash: sar: command not found
Apr 26, 2010
I have a VPS built with CentOS 5.4 64 bit, and I use it as a webserver (httpd & lighttpd) and MySQL server. I used Jason's Utter Ramblings Yum Repository to install the latest PHP, Apache, Subversion, and MySQL. However, I got problems afterwards when I tried to run 'yum update' via SSH.
Jul 14, 2010
I've just upgraded (finally) to 10.04 desktop, and when I boot, I get a login screen, which is quite usual, but once I log in, the machine drops to terminal, instead of the usual GUI. I've tried running startx, but I get this error message:
Fatal server error: Server is already active for display 0 If this server is no longer running, remove /tmp/.X0-lock and start again.
Jan 31, 2010
I hope this is an easy question to answer: how do I update my nVidia drivers? Can I add a repository so it automatically updates? I have downloaded the latest version from the nvidia website. When I do a "sudo ./NVIDIA-Linux-x86_64-190.53-pkg2.run" I get "Error: You appear to be running an X server; please exit X before installing"
Apr 3, 2010
I'm trying to run BackTrack from a USB drive on my netbook. Upon loading it, I get "Fatal server error: no screens found".
Aug 6, 2010
Sometimes I connect to my Debian box from another computer (using SSH on Cygwin or Linux), and once in a while I want to run some console apps. And sometimes some of these apps might complain about another instance: "Error: an instance of newsbeuter is already running (PID: 2496)". Is there a workaround for this issue at all (without killing the original instance)? The reason I do not want to kill the app is because there might be 2 users connected to the same machine that might be using the same app.
Jan 1, 2011
I have been using SDB:NVIDIA_the_hard_way and have run into a problem. When I run the script, it gives me the following error message: You appear to be running an X server; please exit X before installing
Mar 9, 2010
I installed yumex: yum -y install yumex. When I start yumex it comes up with this error: fatal error: backend-not-running backend not running as expected (yumex will close). How can I solve it?
May 18, 2010
tcpdump is not detailed in protocols, so I want Wireshark to study protocols.
Sep 29, 2010
I installed Ubuntu 10.04 on my ASUS Eee PC 1015 but can't get Wireshark to recognize my Atheros card.
I know my Atheros card works because I was on my wireless network at my house last night.
Sep 29, 2010
I have to create a webhost on a running Fedora server which runs multiple webpages + a ColdFusion server. I have to add a ColdFusion virtual host to these. What I would do:
* create a new user & group
* enter vhosts.conf and copy an existing host and modify it for the new one
* create a new folder and copy the main files (phpstarter and webroot)
* chown the files for the right user
I think an apache graceful would be needed.
Mar 28, 2011
I have some issues while installing wireshark-gnome. See the logs below. I am using Fedora 13. I am seeing some transaction error when I issue "yum install wireshark-gnome".
[root@Fedora-ipv6 ~]# yum install wireshark-gnome
Loaded plugins: fastestmirror, presto, refresh-packagekit
Loading mirror speeds from cached hostfile
Setting up Install Process
Resolving Dependencies
--> Running transaction check
[Code]...
Nov 7, 2010
The Wireshark website specifically warns against running Wireshark as root....
Quote:
Administrator/root account not required!
Many Wireshark users think that Wireshark requires a root/Administrator account to work with.
That's not a good idea, as using a root account makes any exploit far more dangerous: a successful exploit will have immediate control of the whole system, compromising it completely.
First of all, most Wireshark functions can always be used with a (probably very limited) user account. In particular, the protocol dissectors which have shown most of the security related bugs do not need a root account!
Only capturing (and gathering capture interface information) may require a root account, but even that can usually be "circumvented", see CaptureSetup/CapturePrivileges for details how to do so.
Sep 15, 2010
I freshly installed Wireshark on my PC by running 'yum install wireshark'. Installation succeeded. But then I cannot find how to start Wireshark. I looked already in different folders by using locate (and updatedb) but I cannot find the place where I should invoke the program. How can I start my program?
Aug 12, 2010
I am not able to use Wireshark in RHEL 5.0.
Oct 29, 2010
I am doing security stuff under Linux... I've heard of Wireshark and Snort and dsniff and have been reading up on them on Wikipedia pages but the big picture is not clear to me yet. Are things like Wireshark and Snort BASED on the functionality of iptables in Linux? I read that you have to be root to run iptables, but not to run Wireshark, right? Yet Wireshark is dependent on iptables.
Apr 13, 2010
Ok, I have debated where to post this question. Should it be in Software? Networking? Security? Since I am going through a security class, I decided to post it here in hopes that other security gurus may have come across the problem. Ok so, I am in a security class and they give you a Wireshark capture file with RTP traffic and want you to dump the payloads into an audio file.
Pretty easy with wireshark:
Telephony -> RTP -> Show all streams...
Pick Stream -> Analyze
Save Payload
Format: RAW, Channels: BOTH -> OK
Ok so here is the problem: when I do this I get "Can't save reversed direction in a file: Unsupported codec!" At first I thought I was missing an audio codec it needs but I can't find it. I've searched the web and found one post that wasn't very helpful. If anyone can give me a hand that would be great.
May 12, 2010
I ran into this error while trying to install Wireshark. I am sure there is a quick fix. I can see the files are different, I just don't know how to resolve the error.
Test Transaction Errors: file /usr/lib/python2.6/site-packages/wireshark_be.pyc from install of wireshark-1.2.6-2.fc12.x86_64 conflicts with file from package wireshark-1.2.6-2.fc12.i686
file /usr/lib/python2.6/site-packages/wireshark_be.pyo from install of wireshark-1.2.6-2.fc12.x86_64 conflicts with file from package wireshark-1.2.6-2.fc12.i686
file /usr/lib/python2.6/site-packages/wireshark_gen.pyc from install of wireshark-1.2.6-2.fc12.x86_64 conflicts with file from package wireshark-1.2.6-2.fc12.i686
file /usr/lib/python2.6/site-packages/wireshark_gen.pyo from install of wireshark-1.2.6-2.fc12.x86_64 conflicts with file from package wireshark-1.2.6-2.fc12.i686
Dec 2, 2010
I'm loving FC14, but I just found out that Wireshark is not working, as it was on FC13. Here is what's happening..... When running the application I get a prompt for authentication, that was fine under FC13. I used to type my super user password, and that was it. On FC14 I get nothing. Now when I skip the authentication the Wireshark GUI comes up, but it has no interfaces showing on my list. What I have:
wireshark-gnome-1.4.1-2.fc14.i686
wireshark-1.4.1-2.fc14.i686
wireshark-devel-1.4.1-2.fc14.i686
[code]....
Sep 14, 2010
Installed Wireshark and added it to visudo. But Wireshark refused to start in Konsole.
Code:
# sudo wireshark
(wireshark:7493): Gtk-WARNING **: cannot open display:
However, Wireshark will start without problem when in root.
Nov 12, 2010
Does anyone know a network packet editor for Linux? Or how to modify a network packet in Wireshark?
Feb 8, 2010
I've run into a sort of catch-22. I installed Wireshark via apt-get on my Eee 1008HA, but when it is launched, it does not allow any capture interfaces. I think this is because the shortcut created in my applications panel does not start it as root. So I went into terminal, typed in "sudo wireshark" and it popped up, as root. I was then able to capture on my wireless interface. However, if I try and specify my home folder as the location for the capture to be saved, I get an error that permission was denied, which seems odd since the process is running as root and should be able to do pretty much whatever it wants. How can I get Wireshark set up so I can both capture _and_ save the .pcap files I generate? I'm running Karmic Koala, the full output of uname -a is: Linux ruckus-laptop 2.6.31-14-generic #48-Ubuntu SMP Fri Oct 16 14:04:26 UTC 2009 i686 GNU/Linux.