Ubuntu Networking :: Wireshark Can't Save The Captures
Feb 8, 2010
I've run into a sort of catch-22. I installed wireshark via apt-get on my Eee 1008HA, but when it is launched, it does not allow any capture interfaces. I think this is because the shortcut created in my applications panel does not start it as root. So I went into terminal, typed in "sudo wireshark" and it popped up, as root. I was then able to capture on my wireless interface. However, if I try and specify my home folder as the location for the capture to be saved, I get an error that permission was denied, which seems odd since the process is running as root and should be able to do pretty much whatever it wants. How can I get wireshark set up so I can both capture _and_ save the .pcap files I generate? I'm running karmic koala, the full output of uname -a is: Linux ruckus-laptop 2.6.31-14-generic #48-Ubuntu SMP Fri Oct 16 14:04:26 UTC 2009 i686 GNU/Linux.
I have an Ubuntu PC with 2 NICs, 1 for the internet, the other one should be to connect other computers and analyze the network traffic with Wireshark. How do I configure this 2nd NIC to achieve this?
I remember that in the past, I succeeded in sniffing network traffic with Wireshark, but when I tried lately, it didn't work. - Enabled monitor and promisc mode using the command line and launched Wireshark with option 'promisc mode' on: didn't work. - Directly launched Wireshark with option 'promisc mode' on: didn't work. - Did both of the previous things with option 'promisc mode' off: didn't work.
I installed Wireshark 1.2.7 on my Lenovo X61 tablet PC running Ubuntu 10.04 lucid during the quest for a decent signal strength meter for available wifi access points. What is a good software or hardware method to TEST WiFi strength & power? But I can't get Wireshark to do the simplest thing, which is to "Capture Interfaces".
I am new to using wireshark and I've been browsing around the packets a bit. I figured I'd try and use it to cut into a protocol that isn't documented, that I can find, but doesn't seem particularly secure. I tried cutting into a protocol and I turned _everything_ off, but wireshark was still picking up packets left, right and centre. So I decided to stop the internet daemon and still, packets were being sent over the internet. So I decided to pick some of the IPs and do a reverse look-up. Each and every one of the IPs are of Russian origin or close.
I'm under the impression that these are unwanted packets. I've also noticed that they are sending data from the same port: 32165. Another thing I noticed while doing reverse look-ups is a lot of these IPs are hit in 'Spam & Open Relay Blocking System' and 'Project Honey Pot' which seem to be spam blockers and trackers. What should I do or what should I investigate? The reverse look-ups are only providing me with the ISP which 'owns' the IP block the IP is a part of. They are from various ISPs every time.
I am trying to use screen captures in Compiz but they are garbled and unusable. I am running Ubuntu 9.10 on a Dell Latitude D520. I attached a copy of one of the screen shots.
I'm trying to develop an application to block packets (using C++) (like a firewall). I have tried the pcap library, but it doesn't block packets, it just captures them.
When working in an XP VirtualBox I can't use Alt-Tab to switch to my Linux Apps as VirtualBox captures the keys for Windows. So I tended to make a lot of use of the Application list on the old System Tray/Taskbar. I could click on the application's entry in the taskbar and that application would come up. When I needed to return to the Windows App, I clicked again and the application would then minimise so I can see the Windows app. Also I have been using the SUPER button in conjunction with 'E' to raise the Home Directory (just to keep it consistent with Windows).
I just installed Fedora 15 (64bit) on my Toshiba Satellite L550 laptop. I realise a problem with my fan. It is ON almost always (90% of the time my laptop is on). My processors are not active and there is no obvious process that captures my CPU. I had the same problem on Fedora 13 and 14 too. I hoped that they solved it in 15... but... this was not true. When I run it from inside Windows 7 (from a Virtual Machine) it works fine! I was searching the internet to find a solution (for days) with no luck! Is it a compatibility problem between my CPU and Linux kernel? The problem is very annoying indeed and prevents me from using Fedora as my default OS with or w/o A/C. I must say that the same problem exists in Ubuntu 10 too.
I have an Acer Aspire One Netbook, and I have the Ubuntu 9.10 Netbook Remix installed. I have tried using Cheese to capture video and it captures maybe 2 seconds of movement, then goes black and/or the image freezes. I can take photos just fine, but video capture seems to be impossible. Any help?
I have Ubuntu 9.10 dual booting with Windows 7. My ext3 /home is mounted as F: in Windows. I share a Firefox profile between them so that when I am in Windows my Firefox uses the same profile as it does when in Ubuntu. It all worked great until recently. I am unable to save files by right clicking and save as. In the config I am unable to set a directory to save to. It never asks me where to save to. Just nothing happens. Some of my bookmarks are all messed up as well, my RSS feeds have the same post on some random website every time I log on and I have to manually refresh to get the correct feeds back. I am unable to delete the random bookmark.
My mediacenter is attached to a beamer with the optimal resolution of 1280*720. Ubuntu 10.04 doesn't offer me this resolution (on my Intel 915 graphics controller). This means I have to add this resolution to the possible resolutions. First I used cvt
Now I can select and use the new resolution - until next reboot. After a reboot 1280x720 is again not available. Even if I work with sudo - the resolution isn't there....
The Wireshark website specifically warns against running WireShark as Root....
Quote:
Administrator/root account not required!
Many Wireshark users think that Wireshark requires a root/Administrator account to work with.
That's not a good idea, as using a root account makes any exploit far more dangerous: a successful exploit will have immediate control of the whole system, compromising it completely.
First of all, most Wireshark functions can always be used with a (probably very limited) user account. In particular, the protocol dissectors which have shown most of the security related bugs do not need a root account!
Only capturing (and gathering capture interface information) may require a root account, but even that can usually be "circumvented", see CaptureSetup/CapturePrivileges for details how to do so.
I'm running behind a 2wire NAT Router with only smtp, www, pop3 open, routing to my Ubuntu VM server. Network also includes three other Ubuntu VM servers and a Desktop. I'm the only one on the network, so my question is: what security risk is there running WireShark as root? Because running it under dumpcap is horrible after you quit. It hogs up all the resources to remove the dump.
Was trying to use wireshark to pen test my network and I can't get it to work properly. When capturing on my main wireless card wlan0 atheros ath9k the program freezes after a short while and I can't even access the web anymore. Not to mention it stops capturing. I have to disconnect and reconnect to get back on the web. Not sure what is going on here. I get the following output in terminal:
(wireshark:2240): GLib-GObject-WARNING **: /build/buildd/glib2.0-2.26.0/gobject/gsignal.c:3081: signal name `depressed' is invalid for instance `0x2142cb68'
I am trying to use wireshark on my ubuntu 10.10 laptop. However I have found out that wireshark will only detect my network cards when it is started with root permissions. How would I make it automatically start with root permissions?
I want to use wireshark network traffic analyser to analyse ethernet traffic in an "Abis over IP" based GSM cellular communication network. Can anybody guide me how to install WireShark in my Ubuntu 9.10 Live USB drive? I cannot access internet with this USB drive but I can download packages in a Windows machine. I need to know which packages to download and how to build wireshark from source.
I'm using mencoder to capture audio from an Encore ENLTV-FM3 video capture device. I have recently noticed that, since one week ago, when the machine was forcibly restarted due to a power outage, all recordings are slightly pitched, they play back slower than they should.
I narrowed down the problem to the following command line:
$ time mencoder -really-quiet -tv driver=v4l2:device=/dev/video1:chanlist=us-cable:audiorate=32000:alsa:adevice=hw.1:input=0:amode=1:normid=11 -endpos 00:10:00 -ovc copy -oac pcm -of rawaudio -o test-32000.wav tv://69
real 9m54.886s
user 0m5.536s
sys 0m1.740s
$ ls -l test-32000.wav
-rw-r--r--@ 1 martin martin 76800000 Mar 15 17:20 test-32000.wav
Somehow, mencoder managed to gather precisely 10 minutes worth of raw audio in 9m 55s. That's not physically possible, unless the capture device's A/D converters are "overclocked". I can't think of any other explanation besides hardware failure. Can that be? Could it be that something got burnt during the power outage and now the capture device's internal clock went nuts?
Since the machine's restart, I've also noticed dmesg is flooded with entries like this:
CE: hpet increased min_delta_ns to XXX nsec
Which seem to indicate that the computer's high precision event timer is somehow out of sync. Does this have to do with the audio issue? Can it be that the audio converter's sample rate is linked to the HPET? I'm totally lost here. Has anyone bumped into something similar?
So you have to run wireshark as root to see the interfaces, which I'm ok with, but a message says that this is dangerous. I am just wondering WHY this is dangerous? I mean I know sudo gives complete read write access to the system but what I am wondering is why is that BAD for wireshark? What could potentially happen? Can someone expand on this?
I have some issues while installing wireshark-gnome. See the logs below. I am using Fedora 13. I am seeing some transaction error when I issue "yum install wireshark-gnome".
[root@Fedora-ipv6 ~]# yum install wireshark-gnome
Loaded plugins: fastestmirror, presto, refresh-packagekit
Loading mirror speeds from cached hostfile
Setting up Install Process
Resolving Dependencies
--> Running transaction check
I freshly installed Wireshark on my PC by running 'yum install wireshark'. Installation succeeded. But then I cannot find how to start Wireshark. I looked already in different folders by using locate (and updatedb) but I cannot find the place where I should invoke the program. How can I start my program?
I am doing security stuff under Linux... I've heard of Wireshark and Snort and dsniff and have been reading up on them on Wikipedia pages but the big picture is not clear to me yet. Are things like Wireshark and Snort BASED on the functionality of iptables in Linux? I read that you have to be root to run iptables, but not to run Wireshark, right? Yet Wireshark is dependent on iptables.
The error is as follows:
kernel: Uhhuh. NMI received for unknown reason 3c on CPU 0.
kernel: Do you have a strange power saving mode enabled?
kernel: Dazed and confused, but trying to continue
Ok, I have debated where to post this question. Should it be in Software? Networking? Security? Since I am going through a security class, I decided to post it here in hopes that other security gurus may have come across the problem. Ok so, I am in a security class and they give you a wireshark capture file with RTP traffic and want you to dump the payloads into an audio file.
Pretty easy with wireshark:
Telephony -> RTP -> Show all streams...
Pick Stream -> Analyze
Save Payload
Format: RAW, Channels: BOTH -> OK
Ok, so here is the problem: when I do this I get: Can't save reversed direction in a file: Unsupported codec! At first I thought I was missing an audio codec it needs but I can't find it. I've searched the web and found one post that wasn't very helpful. If anyone can give me a hand that would be great.
I run into this error while trying to install wireshark. I am sure there is a quick fix. I can see the files are different I just don't know how to resolve the error.
Test Transaction Errors:
file /usr/lib/python2.6/site-packages/wireshark_be.pyc from install of wireshark-1.2.6-2.fc12.x86_64 conflicts with file from package wireshark-1.2.6-2.fc12.i686
file /usr/lib/python2.6/site-packages/wireshark_be.pyo from install of wireshark-1.2.6-2.fc12.x86_64 conflicts with file from package wireshark-1.2.6-2.fc12.i686
file /usr/lib/python2.6/site-packages/wireshark_gen.pyc from install of wireshark-1.2.6-2.fc12.x86_64 conflicts with file from package wireshark-1.2.6-2.fc12.i686
file /usr/lib/python2.6/site-packages/wireshark_gen.pyo from install of wireshark-1.2.6-2.fc12.x86_64 conflicts with file from package wireshark-1.2.6-2.fc12.i686
I'm loving FC14, but I just found out that Wireshark is not working, as it was on FC13. Here is what's happening..... When running the application I get a prompt for authentication, that was fine under FC13. I used to type my super user password, and that was it. On FC14 I get nothing. Now when I skip the authentication the Wireshark Gui comes up, but it has no interfaces showing on my list. What I have!: