Bug#712380: Option to show on which iface a packet was received
also sprach Bálint Réczey bal...@balintreczey.hu [2013.06.20.0457 +0200]:
> Please check /usr/share/doc/wireshark-common/README.Debian for
> information about capturing traffic as a non-privileged user.

I know I can capture traffic as non-root, but there seems to be no
easy way to inspect live data, as dumpcap does not allow me to write
pcap data to stdout. :(

Am I overlooking something here?

-- 
 .''`.   martin f. krafft madduck@d.o        Related projects:
: :'  :  proud Debian developer               http://debiansystem.info
`. `'`   http://people.debian.org/~madduck    http://vcs-pkg.org
  `-  Debian - when you have better things to do than fixing systems

windoze nt crashed. i am the blue screen of death.
no one hears your screams.

Bug#712380: Option to show on which iface a packet was received
2013/6/20 martin f krafft madd...@debian.org:
> also sprach Bálint Réczey bal...@balintreczey.hu [2013.06.20.0457 +0200]:
>> Please check /usr/share/doc/wireshark-common/README.Debian for
>> information about capturing traffic as a non-privileged user.
>
> I know I can capture traffic as non-root, but there seems to be no
> easy way to inspect live data, as dumpcap does not allow me to write
> pcap data to stdout. :(

If you set up dumpcap according to the docs tshark will run it with
appropriate privileges and you can monitor live traffic.

Cheers,
Balint

Bug#712380: Option to show on which iface a packet was received
also sprach Bálint Réczey bal...@balintreczey.hu [2013.06.17.0244 +0200]:
> Wireshark supports Lua language for extending its functionality
> without compiling anything:

Yeah, I know about this, but Lua is disabled when invoked as root,
and that means I cannot see these data live.

Also, I really wish I could see the interface name (rather than the
ID), but I have not been able to find an appropriate field name.

-- 
 .''`.   martin f. krafft madduck@d.o        Related projects:
: :'  :  proud Debian developer               http://debiansystem.info
`. `'`   http://people.debian.org/~madduck    http://vcs-pkg.org
  `-  Debian - when you have better things to do than fixing systems

consciousness: that annoying time between naps.

Bug#712380: Option to show on which iface a packet was received
Hi Martin,

2013/6/19, martin f krafft madd...@debian.org:
> also sprach Bálint Réczey bal...@balintreczey.hu [2013.06.17.0244 +0200]:
>> Wireshark supports Lua language for extending its functionality
>> without compiling anything:
>
> Yeah, I know about this, but Lua is disabled when invoked as root,
> and that means I cannot see these data live.

Please check /usr/share/doc/wireshark-common/README.Debian for
information about capturing traffic as a non-privileged user.

It is also possible to enable running Lua scripts as root, but since
it can be dangerous system admins must prove their skills by figuring
out how on their own. ;-)

Cheers,
Balint

> Also, I really wish I could see the interface name (rather than the
> ID), but I have not been able to find an appropriate field name.

Bug#712380: Option to show on which iface a packet was received
Hi Martin,

2013/6/15 martin f krafft madd...@debian.org:
> also sprach Bálint Réczey bal...@balintreczey.hu [2013.06.15.2037 +0200]:
>> tshark already does that:
>> $ tshark -V -i wlan0 -i lo
>
> Yeah, with -V, but that is too verbose. What I meant was to provide
> an option or some other way to include the interface in the
> line-by-line default output. Sorry that I wasn't clearer…

I agree that this information can be quite handy and there is already
a way to achieve what you are asking for.
Wireshark supports Lua language for extending its functionality
without compiling anything:

rbalint@chaos:~$ cat if_id.lua
-- trivial postdissector example
-- declare some Fields to be read
if_id_f = Field.new("frame.interface_id")
-- declare our (pseudo) protocol
trivial_proto = Proto("trivial","Trivial Postdissector")
-- create a function to postdissect each frame
function trivial_proto.dissector(buffer,pinfo,tree)
    -- obtain the current values the protocol fields
    local if_id = if_id_f()
    io.write(string.format("If id: %s", tostring(if_id)))
end
-- register our protocol as a postdissector
register_postdissector(trivial_proto)

rbalint@chaos:~$ tshark -Xlua_script:if_id.lua -r /tmp/asd2.pcap
If id: 0 1 0.0 192.168.0.154 -> 200.237.192.15 TCP 66 52903 http [ACK] Seq=1 Ack=1 Win=3287 Len=0 TSval=18026345 TSecr=791985608
If id: 1 2 0.009209000 127.0.0.1 -> 127.0.0.1 ICMP 98 Echo (ping) request id=0x138f, seq=3/768, ttl=64

I think having this option should be enough to fulfill this wish.
Having my Wireshark developer on I would like to keep the C codebase
simple and keep the default output in the current form. There is so
much information which would be handy, but there is not enough room
for them.

Cheers,
Balint

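A variant of the postdissector in the message above that puts the interface into the one-line output itself, by prepending it to the Info column instead of writing to stdout. This is an added example, not code from either poster; the `ifname` protocol name and the id-to-name table are assumptions based on the `-i wlan0 -i lo` order shown in the thread.

```lua
-- if_name.lua: added example, not code from the thread.
-- Prepends the capture interface to the Info column so that it appears
-- in tshark's default one-line-per-packet output.
--
-- Run as a non-root user (Lua is disabled when tshark is invoked as
-- root), with dumpcap set up as described in README.Debian:
--   tshark -X lua_script:if_name.lua -i wlan0 -i lo

-- Assumption: interface ids follow the order of the -i options, so for
-- "-i wlan0 -i lo" id 0 is wlan0 and id 1 is lo. Adjust to your call.
local IFACE_NAMES = { [0] = "wlan0", [1] = "lo" }

-- Field extractors must be created outside the dissector function.
local if_id_f = Field.new("frame.interface_id")

-- Declare the (pseudo) protocol that carries the postdissector.
local ifname_proto = Proto("ifname", "Capture Interface Postdissector")

function ifname_proto.dissector(buffer, pinfo, tree)
    local fi = if_id_f()
    -- The field can be absent (assumption: for example a capture file
    -- that carries no per-packet interface information). Leave such
    -- frames untouched instead of printing "nil".
    if fi == nil then
        return
    end

    local id = fi.value
    -- Fall back to a numeric label for ids missing from the table.
    local label = IFACE_NAMES[id] or ("if" .. tostring(id))
    pinfo.cols.info:prepend("[" .. label .. "] ")
end

-- Register the protocol so it runs after all other dissectors.
register_postdissector(ifname_proto)
```
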
Bug#712380: Option to show on which iface a packet was received
Package: tshark
Version: 1.8.7-1
Severity: wishlist

With -i any or multiple -i options, it would be great if tshark
could actually tell me on which iface a packet was received/seen.

-- System Information:
Debian Release: jessie/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 3.10-rc4-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_NZ, LC_CTYPE=en_NZ.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages tshark depends on:
ii  libc6             2.17-5
ii  libglib2.0-0      2.36.3-1
ii  libpcap0.8        1.4.0-1
ii  libwireshark2     1.8.7-1
ii  libwiretap2       1.8.7-1
ii  libwsutil2        1.8.7-1
ii  wireshark-common  1.8.7-1
ii  zlib1g            1:1.2.8.dfsg-1

tshark recommends no packages.

tshark suggests no packages.

-- no debconf information

-- 
 .''`.   martin f. krafft madduck@d.o        Related projects:
: :'  :  proud Debian developer               http://debiansystem.info
`. `'`   http://people.debian.org/~madduck    http://vcs-pkg.org
  `-  Debian - when you have better things to do than fixing systems

Bug#712380: Option to show on which iface a packet was received
Hi Martin,

tshark already does that:

$ tshark -V -i wlan0 -i lo
Frame 1: 66 bytes on wire (528 bits), 66 bytes captured (528 bits) on interface 0
    Interface id: 0
    WTAP_ENCAP: 1
    Arrival Time: Jun 15, 2013 12:28:14.774343000 GALT
Frame 2: 98 bytes on wire (784 bits), 98 bytes captured (784 bits) on interface 1
    Interface id: 1
    WTAP_ENCAP: 1
    Arrival Time: Jun 15, 2013 12:28:14.783552000 GALT
...

Cheers,
Balint

2013/6/15 martin f krafft madd...@debian.org:
> Package: tshark
> Version: 1.8.7-1
> Severity: wishlist
>
> With -i any or multiple -i options, it would be great if tshark
> could actually tell me on which iface a packet was received/seen.
>
> -- System Information:
> Debian Release: jessie/sid
>   APT prefers unstable
>   APT policy: (500, 'unstable'), (1, 'experimental')
> Architecture: amd64 (x86_64)
> Foreign Architectures: i386
>
> Kernel: Linux 3.10-rc4-amd64 (SMP w/4 CPU cores)
> Locale: LANG=en_NZ, LC_CTYPE=en_NZ.UTF-8 (charmap=UTF-8)
> Shell: /bin/sh linked to /bin/dash
>
> Versions of packages tshark depends on:
> ii  libc6             2.17-5
> ii  libglib2.0-0      2.36.3-1
> ii  libpcap0.8        1.4.0-1
> ii  libwireshark2     1.8.7-1
> ii  libwiretap2       1.8.7-1
> ii  libwsutil2        1.8.7-1
> ii  wireshark-common  1.8.7-1
> ii  zlib1g            1:1.2.8.dfsg-1
>
> tshark recommends no packages.
>
> tshark suggests no packages.
>
> -- no debconf information

Bug#712380: Option to show on which iface a packet was received
also sprach Bálint Réczey bal...@balintreczey.hu [2013.06.15.2037 +0200]:
> tshark already does that:
> $ tshark -V -i wlan0 -i lo

Yeah, with -V, but that is too verbose. What I meant was to provide
an option or some other way to include the interface in the
line-by-line default output. Sorry that I wasn't clearer…

-- 
 .''`.   martin f. krafft madduck@d.o        Related projects:
: :'  :  proud Debian developer               http://debiansystem.info
`. `'`   http://people.debian.org/~madduck    http://vcs-pkg.org
  `-  Debian - when you have better things to do than fixing systems