[SOLVED] Wireshark Packet Capture not working on Linux | Ubuntu | PopOs
- 
 More info needed! pfSense version? OS you're connecting from? Wireshark version? Steve 
- 
 I tend to run this; 172.16.2.20 is the device I'm saving the capture file to:-
 andy@mac-pro ~ % ssh root@172.16.0.1 'tcpdump -i igb0 src not 172.16.2.20 and dst not 172.16.2.20 -w -' > ~/172.16.0.1.cap
 Password for root@pfsense:
 tcpdump: listening on igb0, link-type EN10MB (Ethernet), capture size 262144 bytes
 ^C%
 andy@mac-pro ~ %
 Then look at the capture after.
- 
 pfSense version = 2.4.4-RELEASE-p3 
 OS you're connecting from = PopOS
 Wireshark version = Version 3.0.5 (Git v3.0.5 packaged as 3.0.5-1)
- 
 The syntax from the docs still works, I tried it today. A few things to watch out for: It assumes your shell is bash, that you have SSH keys and ssh-agent set up, that you are connecting to the firewall using the root account (e.g. root@192.168.1.1), and that wireshark is properly set up on your workstation. That likely includes making sure your user is a member of the wireshark group. Do not run ssh or wireshark with sudo on your workstation.
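
 The workstation-side prerequisites listed in the post above, written as a preflight script. This is an added example, not part of the original post or the pfSense documentation; the function names and the `--check` argument are hypothetical.

```shell
#!/bin/sh
# Added example: preflight for the prerequisites named in the post above.
# Function names and the --check argument are hypothetical.

# True if the shell path in $1 (normally $SHELL) is bash.
is_bash() {
    case "${1##*/}" in bash) return 0 ;; *) return 1 ;; esac
}

# True if group $1 is in the space-separated list $2 (output of `id -nG`).
in_group() {
    case " $2 " in *" $1 "*) return 0 ;; *) return 1 ;; esac
}

# True if the SSH target $1 logs in as root (root@host).
is_root_target() {
    case "$1" in root@?*) return 0 ;; *) return 1 ;; esac
}

# Translate the exit status of `ssh-add -l`: 0 = keys loaded,
# 1 = agent running but empty, anything else = no agent reachable.
agent_state() {
    case "$1" in 0) echo loaded ;; 1) echo empty ;; *) echo unreachable ;; esac
}

# Run every check against this workstation; returns the number of failures.
preflight() {
    fails=0
    is_bash "${SHELL:-}" || { echo "FAIL: login shell is not bash"; fails=$((fails + 1)); }
    ssh-add -l >/dev/null 2>&1; state=$(agent_state $?)
    [ "$state" = loaded ] || { echo "FAIL: ssh-agent is $state"; fails=$((fails + 1)); }
    is_root_target "$1" || { echo "FAIL: target '$1' is not root@<firewall>"; fails=$((fails + 1)); }
    in_group wireshark "$(id -nG)" || { echo "FAIL: user is not in the wireshark group"; fails=$((fails + 1)); }
    [ "$(id -u)" -ne 0 ] || { echo "FAIL: running as root/sudo; use your normal user"; fails=$((fails + 1)); }
    [ "$fails" -eq 0 ] && echo "OK: prerequisites met for $1"
    return "$fails"
}

# Usage: sh preflight.sh --check root@192.168.40.1
if [ "${1:-}" = "--check" ]; then
    preflight "${2:-}"
fi
```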
- 
 @jimp How do I check if my shell is bash or not? I am new to Linux. 
- 
 @manjotsc said in Wireshark Packet Capture not working:
 @jimp How do I check if my shell is bash or not? I am new to Linux.
 It's normally bash by default. So, unless you changed it, it's bash.
- 
 @jimp Working. I just changed admin@192.168.40.1 to root@192.168.40.1, removed sudo and it worked. Thanks,
 




