Ubuntu :: Can't Get Wireshark To Work

Sep 29, 2010

I installed Ubuntu 10.04 on my ASUS Eee PC 1015 but can't get WireShark to recognize my Atheros card.

I know my Atheros card works because I was on my wireless network at my house last night.

Ubuntu Networking :: Wireshark Won't Work / Resolve This?

Aug 29, 2010

I remember that in the past I succeeded in sniffing network traffic with Wireshark, but when I tried lately, it didn't work.
- Enabled monitor and promisc mode using the command line and launched Wireshark with option 'promisc mode' on: didn't work.
- Directly launched Wireshark with option 'promisc mode' on: didn't work.
- Did both of the previous things with option 'promisc mode' off: didn't work.

I'm using AR5007EG with ath5k.

Ubuntu :: How To Install Wireshark In 10.04

May 18, 2010

tcpdump is not detailed about protocols, so I want wireshark to study protocols.

Ubuntu Security :: WireShark - Do Not Run As Root

Nov 7, 2010

The Wireshark website specifically warns against running WireShark as Root....

Quote:

Administrator/root account not required!

Many Wireshark users think that Wireshark requires a root/Administrator account to work with.

That's not a good idea, as using a root account makes any exploit far more dangerous: a successful exploit will have immediate control of the whole system, compromising it completely.

First of all, most Wireshark functions can always be used with a (probably very limited) user account. In particular, the protocol dissectors which have shown most of the security related bugs do not need a root account!

Only capturing (and gathering capture interface information) may require a root account, but even that can usually be "circumvented", see CaptureSetup/CapturePrivileges for details how to do so.

Ubuntu Networking :: Wireshark Can't Save The Captures

Feb 8, 2010

I've run into a sort of catch 22. I installed wireshark via apt-get on my Eee 1008HA, but when it is launched, it does not allow any capture interfaces. I think this is because the shortcut created in my applications panel does not start it as root. So I went into terminal, typed in "sudo wireshark" and it popped up, as root. I was then able to capture on my wireless interface. However, if I try and specify my home folder as the location for the capture to be saved, I get an error that permission was denied, which seems odd since the process is running as root and should be able to do pretty much whatever it wants. How can I get wireshark set up so I can both capture _and_ save the .pcap files I generate? I'm running karmic koala, the full output of uname -a is: Linux ruckus-laptop 2.6.31-14-generic #48-Ubuntu SMP Fri Oct 16 14:04:26 UTC 2009 i686 GNU/Linux.

Ubuntu Networking :: How To Configure NIC For Wireshark Captures

Jul 2, 2010

I have an Ubuntu PC with 2 NICs: 1 for the internet, and the other one should be used to connect other computers and analyze the network traffic with Wireshark. How do I configure this 2nd NIC to achieve this?

Ubuntu Security :: Running WireShark As Root?

Oct 11, 2010

I'm running behind a 2wire NAT router with only smtp, www, pop3 open, routing to my ubuntu VM server. The network also includes three other ubuntu VM servers and a desktop. I'm the only one on the network, so my question is: what security risk is there in running WireShark as root? Because running it under dumpcap is horrible after you quit. It hogs up all the resources to remove the dump.

Ubuntu Security :: Wireshark Not Capturing Properly?

Jan 23, 2011

Was trying to use wireshark to pen test my network and I can't get it to work properly. When capturing on my main wireless card wlan0 atheros ath9k, the program freezes after a short while and I can't even access the web anymore. Not to mention it stops capturing. I have to disconnect and reconnect to get back on the web. Not sure what is going on here. I get the following output in terminal:

(wireshark:2240): GLib-GObject-WARNING **: /build/buildd/glib2.0-2.26.0/gobject/gsignal.c:3081: signal name `depressed' is invalid for instance `0x2142cb68'

[code]....

Ubuntu :: Wireshark Automatically Start With Sudo?

Feb 2, 2011

I am trying to use wireshark on my ubuntu 10.10 laptop. However I have found out that wireshark will only detect my network cards when it is started with root permissions. How would I make it automatically start with root permissions?

Ubuntu Networking :: Why Won't Wireshark Show Any Interfaces In

Apr 27, 2011

I installed Wireshark 1.2.7 on my Lenovo X61 tablet PC running Ubuntu 10.04 lucid during the quest for a decent signal strength meter for available wifi access points. What is a good software or hardware method to TEST WiFi strength & power? But I can't get Wireshark to do the simplest thing, which is to "Capture Interfaces".

General :: Install WireShark In Ubuntu Live USB?

Mar 6, 2010

I want to use the wireshark network traffic analyser to analyse ethernet traffic in an "Abis over IP" based GSM cellular communication network. Can anybody guide me on how to install WireShark on my Ubuntu 9.10 Live USB drive? I cannot access the internet with this USB drive but I can download packages on a windows machine. I need to know which packages to download and how to build wireshark from source.

Ubuntu :: Running Wireshark No Interfaces Unless ROOT Dangerous?

Sep 25, 2010

So you have to run wireshark as root to see the interfaces, which I'm ok with, but a message says that this is dangerous. I am just wondering WHY this is dangerous? I mean I know sudo gives complete read write access to the system but what I am wondering is why is that BAD for wireshark? What could potentially happen? Can someone expand on this?

Fedora :: Yum Install Wireshark-gnome?

Mar 28, 2011

I have some issues while installing wireshark-gnome. See the logs below. I am using Fedora 13. I am seeing some transaction error when I issue "yum install wireshark-gnome".

[root@Fedora-ipv6 ~]# yum install wireshark-gnome
Loaded plugins: fastestmirror, presto, refresh-packagekit
Loading mirror speeds from cached hostfile
Setting up Install Process
Resolving Dependencies
--> Running transaction check

[Code]...

Red Hat / Fedora :: Yum Install Wireshark - How To Start

Sep 15, 2010

I freshly installed Wireshark on my PC by running 'yum install wireshark'. Installation succeeded. But then I cannot find how to start Wireshark. I looked already in different folders by using locate (and updatedb) but I cannot find the place where I should invoke the program. How can I start my program?

General :: Unable To Use Wireshark In Rhel5.0?

Aug 12, 2010

I am not able to use wireshark in rhel5.0.

Security :: Wireshark Is Dependent On Iptables?

Oct 29, 2010

I am doing security stuff under linux... I've heard of Wireshark and Snort and dsniff and have been reading up on them on wikipedia pages but the big picture is not clear to me yet. Are things like Wireshark and Snort BASED on the functionality of iptables in Linux? I read that you have to be root to run iptables, but not to run Wireshark, right? Yet Wireshark is dependent on iptables.

Server :: Getting Error Before Running Wireshark

Jan 25, 2011

The error is as follows:
kernel: Uhhuh. NMI received for unknown reason 3c on CPU 0.
kernel: Do you have a strange power saving mode enabled?
kernel: Dazed and confused, but trying to continue

Software :: Wireshark RTP Payload Extract?

Apr 13, 2010

Ok, I have debated where to post this question. Should it be in Software? Networking? Security? Since I am going through a security class, I decided to post it here in hopes that other security gurus may have come across the problem. Ok so, I am in a security class and they give you a wireshark capture file with RTP traffic and want you to dump the payloads into an audio file.

Pretty easy with wireshark:
Telephony -> RTP -> Show all streams...
Pick Stream -> Analyze
Save Payload
Format: RAW, Channels: BOTH -> OK

Ok, so here is the problem: when I do this I get: Can't save reversed direction in a file: Unsupported codec! At first I thought I was missing an audio codec it needs but I can't find it. I've searched the web and found one post that wasn't very helpful. If anyone can give me a hand that would be great.

Fedora :: Conflicts With File From Package Wireshark

May 12, 2010

I run into this error while trying to install wireshark. I am sure there is a quick fix. I can see the files are different I just don't know how to resolve the error.

Test Transaction Errors: file /usr/lib/python2.6/site-packages/wireshark_be.pyc from install of wireshark-1.2.6-2.fc12.x86_64 conflicts with file from package wireshark-1.2.6-2.fc12.i686
file /usr/lib/python2.6/site-packages/wireshark_be.pyo from install of wireshark-1.2.6-2.fc12.x86_64 conflicts with file from package wireshark-1.2.6-2.fc12.i686
file /usr/lib/python2.6/site-packages/wireshark_gen.pyc from install of wireshark-1.2.6-2.fc12.x86_64 conflicts with file from package wireshark-1.2.6-2.fc12.i686
file /usr/lib/python2.6/site-packages/wireshark_gen.pyo from install of wireshark-1.2.6-2.fc12.x86_64 conflicts with file from package wireshark-1.2.6-2.fc12.i686

Fedora :: Wireshark Missing Interface From List?

Dec 2, 2010

I'm loving FC14, but I just found out that Wireshark is not working as it was on FC13. Here is what's happening..... When running the application I get a prompt for authentication; that was fine under FC13. I used to type my super user password, and that was it. On FC14 I get nothing. Now when I skip the authentication the Wireshark GUI comes up, but it has no interfaces showing on my list. What I have:

wireshark-gnome-1.4.1-2.fc14.i686
wireshark-1.4.1-2.fc14.i686
wireshark-devel-1.4.1-2.fc14.i686

[code]....

OpenSUSE :: Wireshark - Unable To Start In Sudo

Sep 14, 2010

Installed wireshark and added it to visudo. But wireshark refused to start in konsole.

Code:

# sudo wireshark

(wireshark:7493): Gtk-WARNING **: cannot open display:

However, wireshark will start without problem when in root.

General :: Modify Network Packet In Wireshark?

Nov 12, 2010

Does anyone know a network packet editor for Linux? Or how to modify a network packet in wireshark?

Networking :: Started Using Wireshark - Protocols Not Secure

Aug 20, 2011

I am new to using wireshark and I've been browsing around the packets a bit. I figured I'd try and use it to cut into a protocol that isn't documented, that I can find, but doesn't seem particularly secure. I tried cutting into a protocol and I turned _everything_ off, but wireshark was still picking up packets left, right and centre. So I decided to stop the internet daemon and still, packets were being sent over the internet. So I decided to pick some of the IPs and do a reverse look-up. Each and every one of the IPs is of Russian origin or close.

I'm under the impression that these are unwanted packets. I've also noticed that they are sending data from the same port: 32165. Another thing I noticed while doing reverse look-ups is that a lot of these IPs are hit in 'Spam & Open Relay Blocking System' and 'Project Honey Pot', which seem to be spam blockers and trackers. What should I do or what should I investigate? The reverse look-ups are only providing me with the ISP which 'owns' the IP block the IP is a part of. They are from various ISPs every time.

Debian :: Wireshark Installation - GTK Warning Error

Nov 11, 2010

I'm trying to install Wireshark but getting an error: GTK-Warning **: cannot open display. Does anyone have instructions on how to install wireshark?

Red Hat / Fedora :: Install A Wireshark With Graphics On RHEL 5.4?

Jun 17, 2010

I can't find a wireshark rpm package for RHEL5.4. How can I install wireshark with graphics on RHEL 5.4?

General :: Configure Error While Installing Wireshark

Jan 4, 2011

I'm trying to install Wireshark but I have this message:
"configure: error: Header file pcap.h not found; if you installed libpcap from source, did you also do "make install-incl", and if you installed a binary package of libpcap, is there also a developer's package of libpcap and did you also install that package?"
I tried to use #yum -y install wireshark but it didn't work.

Software :: Can't See In Kde Menu Or In Command Prompt (wireshark)?

May 20, 2010

I have fc12.x86_64, installed wireshark (yum install wireshark.x86_64 and wireshark.i686) but can't see it in kde menu or in command prompt (wireshark), but can see dir:

whereis wireshark
wireshark: /usr/lib64/wireshark /usr/share/wireshark

Any help/url to install and run in fc12 kde environment?

Fedora :: Install The Wireshark-gnome Interface - Need Dependencies

Jul 10, 2011

When I try to install the wireshark-gnome interface I get a notice about needing two dependencies. One is portaudio and the other is the jack-audio-connection-kit. Seems like kind of odd dependencies for wireshark. Does wireshark really need them? VoIP related maybe?

General :: Capture Packets With WireShark On 2 Port Ranges?

Jul 3, 2010

I'm trying to capture packets with WireShark on 2 port ranges.

This syntax is not working:

Quote:

bash-3.2# /usr/sbin/tcpdump -ttttvv udp portrange 8500-8600 and portrange 5060-5070

There is no output...

What is the correct syntax for defining multiple port ranges?

CentOS 5 Server :: Tracing An Attack With A Wireshark Script

Jun 18, 2009

My data center informed me that my shared web hosting server is producing a massive attack. Attack against who? how? etc?... well.. other than "your server is generating an attack of over 150,000 UDP connections", they did not specify the target IP, nor the specific port. The attacks usually run for less than 5 minutes and pose a threat on the datacenter's firewall itself (from within).

I ran various searches on my server and came up with nothing. (over 300 websites with PHP in 25GB of data, database etc).

I do not allow any shell/bash other than myself, so no other logins are available. (I re-checked /etc/passwd for any bash).

I believe that there is probably some php fsockopen call or something to that degree that responds to a call from an external server. To make it easier to diagnose the problem and then stop it, I need your assistance developing a simple tracing tool, methodology.

I have wireshark installed on the server.

My thoughts on how to capture this attack (which occurs at random) are as follows:

1. Run a service that greps and counts the UDP connections currently on the server and does this every 60 seconds (a simple one minute cron is enough).

netstat -a |grep UDP -cw

2. Currently the output shows: 0 (zero).

3. I do run a DNS server that can be queried, so I expect to see some UDP calls every so often. However, this is probably going to occur at < 50 entries.

4. Run this logic if there are no high loads on the server.

If server's load is < 3.00
{
    If ( netstat -a |grep UDP -cw ) > 50
    {
        ./tshark > wireshark.hacker.trace<timestamp>.txt;
        email me an alert that "hey wireshark was triggered";
        sleep (15)
        killall -9 tshark
    }
}

Copyrights 2005-15 www.BigResource.com, All rights reserved