
could not start tshark !!

Open marcomilazzo opened this issue 8 years ago • 6 comments

hi i got this answer:

> You can go in Preferences, tshark and select the other Tshark API. If that does not work please send us the output of tshark --help.

But i am a new user of ubuntu and i can't find the preference of Tshark !! I need a step by step explanation :( Thanks for any help

marcomilazzo avatar Mar 11 '16 16:03 marcomilazzo

hi this is the output (tshark --help):

    Capture interface:
      -i name or idx of interface (def: first non-loopback)
      -f packet filter in libpcap filter syntax
      -s packet snapshot length (def: 65535)
      -p don't capture in promiscuous mode
      -I capture in monitor mode, if available
      -B size of kernel buffer (def: 2MB)
      -y link layer type (def: first appropriate)
      -D print list of interfaces and exit
      -L print list of link-layer types of iface and exit

    Capture stop conditions:
      -c stop after n packets (def: infinite)
      -a ... duration:NUM - stop after NUM seconds
             filesize:NUM - stop this file after NUM KB
             files:NUM - stop after NUM files
    Capture output:
      -b ... duration:NUM - switch to next file after NUM secs
             filesize:NUM - switch to next file after NUM KB
             files:NUM - ringbuffer: replace after NUM files
    Input file:
      -r set the filename to read from (- to read from stdin)

    Processing:
      -2 perform a two-pass analysis
      -R packet Read filter in Wireshark display filter syntax
      -Y packet displaY filter in Wireshark display filter syntax
      -n disable all name resolutions (def: all enabled)
      -N enable specific name resolution(s): "mntC"
      -d <layer_type>==,<decode_as_protocol> ...
         "Decode As", see the man page for details
         Example: tcp.port==8888,http
      -H read a list of entries from a hosts file, which will
         then be written to a capture file. (Implies -W n)
    Output:
      -w <outfile|-> write packets to a pcap-format file named "outfile"
         (or to the standard output for "-")
      -C start with specified configuration profile
      -F set the output file type, default is pcapng
         an empty "-F" option will list the file types
      -V add output of packet tree (Packet Details)
      -O Only show packet details of these protocols, comma separated
      -P print packet summary even when writing to a file
      -S the line separator to print between packets
      -x add output of hex and ASCII dump (Packet Bytes)
      -T pdml|ps|psml|text|fields
         format of text output (def: text)
      -e field to print if -Tfields selected (e.g. tcp.port, _ws.col.Info)
         this option can be repeated to print multiple fields
      -E= set options for output when -Tfields selected:
         header=y|n switch headers on and off
         separator=/t|/s| select tab, space, printable character as separator
         occurrence=f|l|a print first, last or all occurrences of each field
         aggregator=,|/s| select comma, space, printable character as aggregator
         quote=d|s|n select double, single, no quotes for values
      -t a|ad|d|dd|e|r|u|ud output format of time stamps (def: r: rel. to first)
      -u s|hms output format of seconds (def: s: seconds)
      -l flush standard output after each packet
      -q be more quiet on stdout (e.g. when using statistics)
      -Q only log true errors to stderr (quieter than -q)
      -g enable group read access on the output file(s)
      -W n Save extra information in the file, if supported.
         n = write network address resolution information
      -X : eXtension options, see the man page for details
      -z various statistics, see the man page for details
      --capture-comment add a capture comment to the newly created
         output file (only for pcapng)

    Miscellaneous:
      -h display this help and exit
      -v display version info and exit
      -o : ... override preference setting
      -K keytab file to use for kerberos decryption
      -G [report] dump one of several available reports and exit
         default report="fields"
         use "-G ?" for more help

where do i select the correct api? marco

marcomilazzo avatar Mar 12 '16 11:03 marcomilazzo

you forgot to include the first lines of tshark --help and I can not check the actual version you have.

To select the correct API, in Foren6, you open the 'File' menu, you go to Preferences and there you toggle 'Old tshark'

laurentderu avatar Mar 14 '16 21:03 laurentderu

hi i got foren6 working on instant contiki 3.0 no way to get it work on ubuntu 15.04 this is the tshark :+1:

    TShark 1.12.7 (Git Rev Unknown from unknown)
    Dump and analyze network traffic.
    See http://www.wireshark.org for more information.

Copyright 1998-2015 Gerald Combs [email protected] and contributors. This is free software; see the source for copying conditions. There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

Usage: tshark [options] ...

    Capture interface:
      -i name or idx of interface (def: first non-loopback)
      -f packet filter in libpcap filter syntax
      -s packet snapshot length (def: 65535)
      -p don't capture in promiscuous mode
      -I capture in monitor mode, if available
      -B size of kernel buffer (def: 2MB)
      -y link layer type (def: first appropriate)
      -D print list of interfaces and exit
      -L print list of link-layer types of iface and exit

    Capture stop conditions:
      -c stop after n packets (def: infinite)
      -a ... duration:NUM - stop after NUM seconds
             filesize:NUM - stop this file after NUM KB
             files:NUM - stop after NUM files
    Capture output:
      -b ... duration:NUM - switch to next file after NUM secs
             filesize:NUM - switch to next file after NUM KB
             files:NUM - ringbuffer: replace after NUM files

etc....

i tried also the sniff capture with a cc2531 with zboss hex. it works fine with wireshark but not with foren6. i sniffed the serial and the zboss sends the channel to start capturing, 0x1a for example. http://zboss.dsr-wireless.com/projects/zboss

i just installed again foren6 but there is no option to select tshark !! i downloaded the deb package. i can see only 3 labels: 6lowpan, ipv6, rpl

i really don't see it :) marco

marcomilazzo avatar Mar 17 '16 16:03 marcomilazzo

hi i compiled foren6 from source and i got the menu ! i checked the old tshark box but still :+1:

    tshark: Couldn't run /usr/bin/dumpcap in child process: Permission denied
    tshark exited
    Could not start tshark

:(

marcomilazzo avatar Mar 17 '16 17:03 marcomilazzo

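I get the same error on MacOS, but works fine when I start foren6 from command line. It seems like I got "Failed to spawn process: No such file or directory". Wrapping it in a bash script let me make it work "normally".

    #!/bin/bash
    # Make the Homebrew Wireshark binaries (tshark, dumpcap) findable
    export PATH=/usr/local/Cellar/wireshark/2.2.6/bin:$PATH
    # Directory containing this wrapper script (BASH_SOURCE requires bash)
    DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
    # Run the renamed original binary under a pseudo-terminal, discarding the typescript
    script -q /dev/null "$DIR/foren6.original" #> /tmp/errors.txt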

darkfader avatar Jul 19 '17 08:07 darkfader

platform with x64 machine

    Description: Ubuntu 16.04.3 LTS
    Release: 16.04
    Codename: xenial

I start foren6 with "sudo make run" command. The interface is virtually different from the one when you start foren6 with ubuntu menu usually. I did not check "old tshark" on preferences either.

githubfoam avatar Jan 17 '18 07:01 githubfoam