-   Linux - Networking (
-   -   Wireshark won't work (

spr 08-30-2010 06:11 PM

Wireshark won't work
Hi guys.
I remember that in the past, I succeed to sniff network traffic with Wireshark but when I tried lately, it didn't work.
- Enabled monitor and promisc mode using the command line and launched Wireshark with option 'promisc mode' on: didn't work.
- Directly launched Wireshark with option 'promisc mode' on: didn't work.
- Did the both previous things with option 'promisc mode' off: didn't work.

So in the worst case I can't get TCP packets (and any useful), even mine, and in the best case, I just can get my TCP (and others) packets.

I'm using AR5007EG with ath5k.
Please, help me!

PS: I launched Wireshark as root.
And sorry for my poor English.

14moose 08-31-2010 01:38 AM

Hi -

I often have many different interfaces (virtual networks, VPN tunnels, etc) and I sometimes to forget to select the "real" NIC when I start my capture.

SUGGESTION: please make sure you've selected a valid interface.

Perhaps the Wireshark Wiki might have some useful tips:

'Hope that helps

jefro 08-31-2010 05:13 PM

Does the ar5007eg and driver support promiscuous mode?

spr 09-01-2010 02:06 AM

14moose: Yes, I've selected a valid interface.
jefro: Yes, they do.

14moose 09-12-2010 11:27 PM

Hi -

In order of preference, I would:

1. Make sure I selected the correct interface (there might be several in the GUI pull-down)

2. Make sure I didn't inadvertently select a filter

3. Make sure SELinux (or something else in the environment) isn't interfering

4. Try uninstalling Wireshark, rebooting, and reinstalling (to verify nothing's "messed up" in the configuration)

5. Try installing and alternate sniffer tool (like tcpdump) and see if it exhibits the same problem

'Hope that helps

All times are GMT -5. The time now is 10:09 AM.