LinuxQuestions.org
Visit Jeremy's Blog.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie
User Name
Password
Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question? If it is not in the man pages or the how-to's this is the place!

Notices


Reply
  Search this Thread
Old 03-13-2009, 02:48 AM   #1
rajavel
LQ Newbie
 
Registered: Feb 2009
Posts: 8

Rep: Reputation: 0
facing problem in wireshark


i am new to linux and i am using ubuntu..when i am trying to capture the packets in wireshark,the following error pop ups..pls help me to resolve the problem

Quote:
the capture session could not be initiated (socket: operation not permitted)
please check to make sure you have sufficient permissions
 
Old 03-13-2009, 02:50 AM   #2
trist007
Senior Member
 
Registered: May 2008
Distribution: Slackware
Posts: 1,033

Rep: Reputation: 69
you need root privs so

sudo wireshark
 
Old 03-13-2009, 04:19 AM   #3
rajavel
LQ Newbie
 
Registered: Feb 2009
Posts: 8

Original Poster
Rep: Reputation: 0
thank u buddy...is there anyother tools available which is better than wireshark??? and also i am new to packet sniffing tools..so pls give me some tutorials regarding this..
 
Old 03-13-2009, 04:51 AM   #4
w3bd3vil
Senior Member
 
Registered: Jun 2006
Location: Hyderabad, India
Distribution: Fedora
Posts: 1,189

Rep: Reputation: 49
Personally, nothing better than wireshark.
Some other tools that come to mind.
tcpdump
ettercap
dsniff
snoop

A few tuts on using wireshark

http://securitytube.net/Wireshark-Basics-(1)-video.aspx
http://securitytube.net/Wireshark-Basics-(2)-video.aspx
 
Old 03-16-2009, 06:08 AM   #5
rajavel
LQ Newbie
 
Registered: Feb 2009
Posts: 8

Original Poster
Rep: Reputation: 0
thanks buddy..can we configure the wireshark so that we can find out the ip which is trying to access a blocked sites???
 
Old 03-16-2009, 02:34 PM   #6
w3bd3vil
Senior Member
 
Registered: Jun 2006
Location: Hyderabad, India
Distribution: Fedora
Posts: 1,189

Rep: Reputation: 49
Not exactly, but you should be able to figure out using the filters in wireshark.
 
Old 03-17-2009, 02:48 AM   #7
rajavel
LQ Newbie
 
Registered: Feb 2009
Posts: 8

Original Poster
Rep: Reputation: 0
can you be more explicit pls???? actually i want to trackdown the ips which are trying to access the blocked sites in lan..i know that we can block the sites using iptables so..
 
Old 03-17-2009, 06:43 PM   #8
salasi
Senior Member
 
Registered: Jul 2007
Location: Directly above centre of the earth, UK
Distribution: SuSE, plus some hopping
Posts: 4,062

Rep: Reputation: 893Reputation: 893Reputation: 893Reputation: 893Reputation: 893Reputation: 893Reputation: 893
Quote:
Originally Posted by rajavel View Post
can you be more explicit pls???? actually i want to trackdown the ips which are trying to access the blocked sites in lan..i know that we can block the sites using iptables so..
....so what?

The easy thing to work on is to capture data by source or destination addr. The trouble is, with most network architectures the destination is going to be something like a router on your network (the immediate destination) or a proxy server, rather than the ultimate destination.

In wireshark, you still have the information on the ultimate destination contained in the description of the packet. The trouble is, I don't quite see how you can filter on an encapsulated destination rather than an immediate destination. You can filter on a source or a destination, which may be a help, but it doesn't quite seem to be what you want.

If you know the protocol, you could filter to just that protocol, but if that is a protocol in frequent use, that might not help much. If you have tens of thousands of users, this might not be much help at all.

Two cautions; before you spend lots of time working out which IP address is the source for your problem, ensure that knowing the IP address will do what you want; if IPs are dynamically assigned, this may not be the case.

Second, be sure that whatever legal, ethical and contractual restrictions are in place are respected.
 
Old 03-18-2009, 03:30 AM   #9
rajavel
LQ Newbie
 
Registered: Feb 2009
Posts: 8

Original Poster
Rep: Reputation: 0
now i am facing this problem

Quote:
swaws@swaws-desktop:~$ wireshark

(wireshark:8304): Gtk-WARNING **: cannot open display:
swaws@swaws-desktop:~$ sudo wireshark

(wireshark:8305): Gtk-WARNING **: cannot open display:
swaws@swaws-desktop:~$
how can i uvercome this???
 
Old 03-18-2009, 03:37 AM   #10
rajavel
LQ Newbie
 
Registered: Feb 2009
Posts: 8

Original Poster
Rep: Reputation: 0
still i am facing the above problem...i cant able to open wireshark with command line..

Last edited by rajavel; 03-18-2009 at 05:14 AM.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
Facing issues in Wireshark network analyzer Dthecompany Linux - Newbie 4 01-29-2008 06:53 AM
Problem installing wireshark with yum bozoka45 Fedora 4 10-12-2007 04:33 PM
Wireshark problem kgd35s4wbxzrn08 Fedora 4 01-18-2007 06:05 PM
Facing a problem with procautostart safrout Linux - Software 3 12-24-2005 12:47 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie

All times are GMT -5. The time now is 02:20 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration