ubuntu - How to install Wireshak on Linux and capture USB traffic? -

-

i have encountered numerous problems in installation of wireshark, , capture of usb traffic, due user permissions.

in answer, describe full workflow doing that. answers each individual problems given on different forums, thought i'd bring in 1 answer, avoid future users google every single issue encounter.

tested on ubuntu 14.04, works on other distributions since none of steps specific ubuntu.

the first time follow tutorial, steps 1 -> 7.

when restart computer, have repeat steps 6 , 7 see usb interfaces in wireshark.

  1. install wireshark , libpcap:

    sudo apt-get install wireshark libpcap0.8

  2. for debian, ubuntu , other debian derivatives, continue step 3.

    for other linux based systems or other installation methods, see wireshark wiki, go step 6.

  3. reconfigure wireshark allow non-superusers track packets:

    sudo dpkg-reconfigure wireshark-common

    select <yes> in prompt

  4. add username "wireshark" usergroup:

    sudo usermod -a -g wireshark <your_username>

    you can verify if it’s done correctly displaying groups username part of:

    groups <your_username>

    if not, can add group "wireshark" manually:

    groupadd wireshark

    and add username group (see above)

  5. important: logout of session, log in.

  6. this step depends on kernel version installed on machine. know version of kernel, type:

    uname -r

    for versions of kernel prior 2.6.21, if debugfs not mounted on /sys/kernel/debug, ensure mounted there issuing following command:

    sudo mount -t debugfs / /sys/kernel/debug

    for kernel version 2.6.21 , later, load loadable module usbmon in kernel:

    sudo modprobe usbmon

    see wireshark wiki more information differentiation.

  7. if usbmon interfaces don't appear in wireshark, interfaces using dumpcap (the command-line tool of wireshark):

    sudo dumpcap -d

    you should see usbmon* interfaces. display permissions of usbmon interfaces:

    ls -l /dev/usbmon*

    if usbmon* files have 'crw-------', it's normal wireshark cannot read them because it's not run root. do not execute wireshark in root mode, may damage files. instead, make them accessible other users:

    sudo chmod 644 /dev/usbmon*

now usbmon interfaces should appear in wireshark.

have fun !

sources:

https://wiki.wireshark.org/capturesetup/usb#linux

https://wiki.wireshark.org/capturesetup/captureprivileges#most_unixes

https://unix.stackexchange.com/questions/55722/wireshark-couldnt-run-usr-sbin-dumpcap-in-child-process

http://anonscm.debian.org/viewvc/collab-maint/ext-maint/wireshark/trunk/debian/readme.debian?view=markup


Comments

Post a Comment

Popular posts from this blog

How has firefox/gecko HTML+CSS rendering changed in version 38? -

-
i have a little website header no longer renders correctly, since updating firefox 38.0.5 [the faceplant logo missing top right, , main logo no longer centred]. still renders expected in other browsers. how has engine's rendering changed in update? according mdn , list of changes is: css support ruby-position , ruby-align have been added , available default ( bug 1055676 , bug 1123917 , bug 1039006 ). the :unresolved pseudo-class has been implemented custom elements ( bug 1111633 ). the predefined style ethiopic-numeric uses space, instead of dot, suffix match recent change spec ( bug 1120721 ). css transitions on generated content (with ::before , ::after ) on both inline , block splits them start expected specification ( bug 1110277 ). the implementation of css logical properties made big progress. [...] how css transitions start has been modified match recent change of specifications, aiming @ having interoperable behavio...
Read more

android - CollapsingToolbarLayout: position the ExpandedText programmatically -

-
i using new android support design view collapsingtoolbarlayout. have need position expandedtitle programmatically. actually way set position expandedtitle in .xml file (example here: https://goo.gl/l5h5fc ) there no public api set text position programmatically , fields private . do know if it's possible without reflection or 'hacky' tricks? i have solved problem exposing properties via reflection ( https://gist.github.com/fpezzato/8e7d45112883dbbc5ffb ), works don't use trick in production code. @google: please no more private or final stuff! :)
Read more

Listeners to visualise results of load test in JMeter -

-
i want run load test in non-gui mode , save results in .csv file. (i have not modified .properties files, standard information saved) i plan load file , visualise results jmeter’s listeners. which listeners suited purpose? should avoid @ cost, might cause me misinterpret information? (e.g. in view results tree response data empty have - - not saved this. however, there has in fact been response. if saw listener might think there hasn’t been one. since want avoid this, listeners have gain information needed .csv file.) i’d know both jmeter listeners plugins. if running test in non-ui mode ideally should disable listeners in script. use '-l' option store test results .jtl extension. can later open jtl file jmeter. aggregate report or summary report should summarize test results , response time , throughput. if want plot graphs see trends on test duration can use http://jmeter-plugins.org/#/ standard , lib set. i suggest following listeners: response ...
Read more