Comments (8)
Same problem here! Got:
Could not find network interface <interface_name>
from termshark.
Hello, I may have the same issue:
sudo termshark -i eth0
It looks like the interface name is missing in the child processes.
/usr/bin/dumpcap -n -i - -Z none
tshark -T psml -o gui.column.format:"No.","%m","Time","%t","Source","%s","Destination","%d","Protocol","%p","Length","%L","Info","%i" -i - -l
from termshark.
-i -
means that dumpcap is reading from stdin, not eth0. @hook-s3c can you post the result of ps x | grep "[d]umpcap"
after starting sudo termshark -i 1
?
from termshark.
ps aux | grep "[d]umpcap"
root 29839 0.0 0.0 62492 4836 pts/3 S+ 13:53 0:00 /usr/bin/dumpcap -n -i - -Z none
from termshark.
Sorry I didn't respond to this for so long. When testing I often run something like this in a tmux pane:
while [ 1 ] ; do ps auxw --forest | grep 'dumpcap\|tail\|termshark\|tshark' ; sleep 0.5s ; clear ; done
Here's what I see reading from eth0 on my laptop
gcla 3011 | \_ bash /home/gcla/bin/tm.sh 2 go run cmd/termshark/termshark.go -i eth0
gcla 3014 | \_ go run cmd/termshark/termshark.go -i eth0
gcla 3153 | \_ /tmp/go-build782541691/b001/exe/termshark -i eth0
gcla 3193 | \_ dumpcap -P -i eth0 -w /home/gcla/.cache/termshark/eth0-273276068.pcap
gcla 3195 | \_ tshark -T psml -o gui.column.format:"No.","%m","Time","%t","Source","%s","Destination","%d","Protocol","%p","Length","%L","Info","%i" -i - -l -d udp.port==2075,cflow -d udp.port==9191,cflow -d udp.port==2055,cflow -d udp.port==2095,cflow
gcla 3251 | | \_ /usr/bin/dumpcap -n -i - -Z none
gcla 3196 | \_ tail -f -c +0 /home/gcla/.cache/termshark/eth0-273276068.pcap
gcla 3463 | \_ grep --color=auto dumpcap\|tail\|termshark\|tshark
(tm.sh is just a hack to render the tui on a different tty)
@pocc is right that the dumpcap command highlighted in #22 (comment) is reading from stdin - in my process list, the stdin of 3195 (which defers to 3251) is being fed by the stdout from 3196. When termshark reads from an iface, it starts one dumpcap to write the packets to a hidden pcap file, then it sets up a tail command to continuously feed updates to tshark for psml, etc. The tail command reads from the hidden pcap file. That way, if a new display filter is applied, the tail can be restarted at the beginning and the already captured packets are preserved.
So for this issue, I think something has gone wrong with @hook-s3c 's equivalent of my pid 3193. Termshark should definitely handle this properly, and seems like it isn't.
@hook-s3c - does
sudo tshark -i eth0
work for you? If it does, you could try running termshark under strace and it might reveal what's going wrong with the dumpcap
sudo strace -f -o foo -s 256 -tt termshark -i eth0
from termshark.
@gcla, in my case, dumpcap corresponding to your PID 3193 exits prematurely because of permission issue. I haven't figured out yet why a root process can't create the pcap file.
openat(AT_FDCWD, "/home/user/.cache/termshark/enx000ec688e4c7-151260431.pcap", O_WRONLY|O_CREAT|O_TRUNC, 0600) = -1 EACCES (Permission denied)
from termshark.
@hook-s3c and @pkeroulas - is this issue still affecting you? My understanding is that dumpcap will drop root permissions once it's opened the interface it needs, so perhaps when it calls openat()
it has already called seteuid()
to a user without permission to write to that directory. Some more data here: https://bugs.launchpad.net/ubuntu/+source/wireshark/+bug/389467
from termshark.
I will close this for now, but please re-open if it's still an issue.
from termshark.
Related Issues (20)
- Consider using sharkd when it's available
- Consider SIP callflow HOT 7
- New installation fails to launch HOT 1
- Guide for performing a termshark upgrade to latest version
- help
- doesn't work: The termshark UI will start when packets are detected on eth0... HOT 4
- Support decrypting HTTPS/TLS traffic via SSLKEYLOGFILE
- pkg/system/dumpcapext.go build constraints are not specific enough
- Go to packet
- Invisible packets list HOT 2
- panic: runtime error: index out of range [70] with length 70
- High CPU usage when scrolling, or when a lot of packets get received
- Wierd UI looking
- Error starting UI: character set not supported
- Vulnerability of dependency "golang.org/x/net" HOT 2
- [Packet Index, Packet Data] Pair do not match what is seen in Wireshark form Exported PCap file.
- Use Croc in lieu of Wormhole?
- Support vi-style binds in copy mode
- Unable to Quit (from long-running sessions) HOT 1
- Easy transparent background support
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from termshark.