Some updates on this.
When running in QT, 2 dumcaps are created, one for stats and one for
capture. When capturing on nflog, the child process require the parent to
be dead (its fd are released). I tried to implement a solution that, in
case the interface starts with "nf", tries again up to 10 time
Hi Peter
I opened a bug on bugzilla for that
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=10886
and I tried to figure out how the solution can be implemented. You can find
my WIP here
https://code.wireshark.org/review/6757
If you or someone else want to work on it, you're welcome.
Dario.
>
>
>
> Kill statistics before starting the capture? Sounds fine to me, though I
> am not sure whether it has other side-effects. The Capture -> Options
> dialog is another place where these stats are visible.
>
What about filing a bug? Do you think it would be useful? Or is there
anyone taking ca
On Friday 19 December 2014 17:07:20 Dario Lombardo wrote:
> On Fri, Dec 19, 2014 at 12:35 PM, Peter Wu wrote:
>
> > The Capture -> Options
> > dialog is another place where these stats are visible.
> >
>
> Is it visible during capture?
No, it is not visible during capture. The options menu item
On Fri, Dec 19, 2014 at 12:35 PM, Peter Wu wrote:
> The Capture -> Options
> dialog is another place where these stats are visible.
>
Is it visible during capture?
___
Sent via:Wireshark-dev mailing list
Archives:ht
On Friday 19 December 2014 11:55:47 Dario Lombardo wrote:
> On Fri, Dec 19, 2014 at 11:44 AM, Peter Wu wrote:
> > Nope, it won't work at the moment. The problem is that NFLOG can only be
> > opened by one user which is a kernel limitation. From
> > net/netfilter/nfnetlink_log.c:
> >
> > i
On Fri, Dec 19, 2014 at 11:44 AM, Peter Wu wrote:
>
>
> If I need to perform a capture, i just overwrite dumpcap with:
> ln -sfv /usr/bin/dumpcap /tmp/wsbuild/run/
>
> It looks like you also avoid overwriting this file/symlink by disabling
> dumpcap building:
>
> cmake -DBUILD_dumpcap=0 ...
>
On Friday 19 December 2014 11:08:01 Dario Lombardo wrote:
> On Thu, Dec 18, 2014 at 4:29 PM, Peter Wu wrote:
> >
> >
> > You should not run Wireshark with sudo, instead set the appropriate
> > privileges on the dumpcap binary as described at
> > http://wiki.wireshark.org/CaptureSetup/CapturePrivil
On Thu, Dec 18, 2014 at 4:29 PM, Peter Wu wrote:
>
>
> You should not run Wireshark with sudo, instead set the appropriate
> privileges on the dumpcap binary as described at
> http://wiki.wireshark.org/CaptureSetup/CapturePrivileges
>
>
Generally speaking, you are right, and it's waht I do with my
On Thursday 18 December 2014 13:50:34 Dario Lombardo wrote:
> Hi list!
> I tried to use nflog to capture packets with wireshark qt and gtk (master)
> and I got different results.
> First I run
>
> sudo iptables -A OUTPUT -j NFLOG
> sudo iptables -A INPUT -j NFLOG
>
> then I launched wireshark-gtk
Hi list!
I tried to use nflog to capture packets with wireshark qt and gtk (master)
and I got different results.
First I run
sudo iptables -A OUTPUT -j NFLOG
sudo iptables -A INPUT -j NFLOG
then I launched wireshark-gtk and choose nflog as capture interface. All
worked.
But when I launched wiresh
11 matches
Mail list logo
