    Install Wireshark on 2.3.1

    • JKnott
      JKnott last edited by

      I recently installed pfsense 2.3.1 and it appears to work well.  However, I'd like to install Wireshark.  I found instructions that use the pkg_add command, but that command does not appear to be available on my system (pkg is).  I have also seen posts that indicate pkg_add won't work on recent versions of pfsense.  So, how does one install Wireshark on this version?

      tnx jk

      PfSense running on Qotom mini PC
      i5 CPU, 4 GB memory, 64 GB SSD & 4 Intel Gb Ethernet ports.
      UniFi AC-Lite access point

      I haven't lost my mind. It's around here...somewhere...

      • Jailer
        Jailer last edited by

        pkg install
        
        • JKnott
          JKnott last edited by

          Unfortunately, that's not enough, as Wireshark is not included with pfsense.  Apparently, I have to find it somewhere and then install it.  I have lots of experience with Linux, including building from source, but none with FreeBSD.  I also get the impression many of the tools needed are not included with pfsense.

          • Jailer
            Jailer last edited by

            No it's not. You'll have to do the install yourself if that's what you want.

            • JKnott
              JKnott last edited by

              That is what I'm trying to figure out how to do.  As I mentioned, I'm quite familiar with Linux, but not FreeBSD and it appears some of the tools one might use are not included with pfsense.  That's why I'm asking for help on how to do this.  If I already knew, I wouldn't be asking.

              • Derelict
                Derelict LAYER 8 Netgate last edited by

                Downloading packet captures from your firewall to view in Wireshark on your management workstation is not sufficient?

                Chattanooga, Tennessee, USA
                The pfSense Book is free of charge!
                DO NOT set a source port in a port forward or firewall rule unless you KNOW you need it!
                Do Not Chat For Help! NO_WAN_EGRESS(TM)

                • JKnott
                  JKnott last edited by

                  Sometimes I want to see at the firewall.  Also, some devices cannot run Wireshark.  My firewall had been running openSUSE Linux for years and it was no problem to install Wireshark & run on it.  The only reason I switched to pfsense is openSUSE doesn't yet support dhcpv6-pd, which is necessary to get an IPv6 prefix, from my ISP, on my network.

                  BTW, this is the article I found to install Wireshark on an earlier version of pfsense but, as I mentioned, the instructions don't work on 2.3.1.
                  https://turbofuture.com/computers/How-to-Run-Wireshark-on-pfSense-Using-X11-Forwarding-Over-SSH

                  I'd like to find something similar for 2.3.1.

                  • H
                    heper last edited by

                    I agree with Derelict on just sending the captures towards a remote client, but if you insist you could try below AT YOUR OWN RISK:

                    64bit

                    pkg add http://pkg.freebsd.org/freebsd:10:x86:64/release_3/All/wireshark-2.0.2.txz
                    

                    32bit

                    pkg add http://pkg.freebsd.org/freebsd:10:x86:32/release_3/All/wireshark-2.0.2.txz
                    

                    I have not tried this; chances are you'll be missing dependencies that you'd need to add manually.

                    • N
                      NOYB last edited by

                      Why install all that.  Can't the same thing be accomplished with an ssh tunnel and netcat or plink, or other ssh tools at the client end?

                      pfSense already has tcpdump and ssh.  Nothing more should be needed on the pfSense end.

                      All that really should be needed is to establish an ssh tunnel, run a remote tcpdump command and pipe it to wireshark or whatever tool is being used on the client.

                      Remote Packet Capture
                      https://forum.pfsense.org/index.php?topic=89917.msg497700

                      Long term traffic capture with tcpdump over netcat
                      https://forum.pfsense.org/index.php?topic=108668.msg607063#msg607063

                      • JKnott
                        JKnott last edited by

                        I have found this site that contains both wireshark and xauth.  Hopefully they'll do the trick.  They do seem a bit old though.

                        http://ftpmirror.your.org/pub/FreeBSD-Unofficial-Packages/100amd64-default/All/

                        • JKnott
                          JKnott last edited by

                          i have not tried this, chances are you'll be missing dependencies that you'd need to add manually

                          I found one already for xauth, gdk-pixbuf2.

                          • jimp
                            jimp Rebel Alliance Developer Netgate last edited by

                            Do not install wireshark (or anything that needs/wants X11) anywhere near a firewall. Horrible idea.

                            You can pipe tcpdump data to wireshark over SSH, which is much better than attempting to put X11 binaries on the firewall. IIRC you could maybe use tshark to do similar (or more) things, like shown on https://www.howtoforge.com/wireshark-remote-capturing or with something like:

                            # wireshark -k -i <(ssh root@192.168.1.1 tcpdump -i igb1 -U -w - not tcp port 22)
                            

                            You'll need ssh setup to use key-based auth so you don't get a password prompt, and ssh-agent so you don't get an interactive prompt for the key.

                            Remember: Upvote with the 👍 button for any user/post you find to be helpful, informative, or deserving of recognition!

                            Need help fast? Netgate Global Support!

                            Do not Chat/PM for help!

                            1 Reply Last reply Reply Quote 0
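The capture-over-SSH approach from the post above, written out as an added example that is not part of the original thread or any poster's own code. It uses a plain pipe instead of process substitution so it runs in POSIX sh; the function names, the `--run` guard, the extra `-n` flag and the `BatchMode` option are choices made for this example, while `192.168.1.1` and `igb1` are the values from the post. It assumes key-based auth and a loaded ssh-agent on the workstation.

```shell
#!/bin/sh
# Added example: stream tcpdump output from the firewall into Wireshark
# running on the management workstation. Nothing is installed on the firewall.

# Print the tcpdump command line to run on the firewall.
# The string is interpreted by the remote shell, so the interface and port
# are restricted to plain tokens before being placed into it.
build_capture_cmd() {
    iface=$1
    ssh_port=${2:-22}
    case $iface in
        ''|*[!A-Za-z0-9_.]*) echo "invalid interface: $iface" >&2; return 1 ;;
    esac
    case $ssh_port in
        ''|*[!0-9]*) echo "invalid port: $ssh_port" >&2; return 1 ;;
    esac
    # -n      no name resolution on the firewall
    # -U      flush each packet as it is captured
    # -w -    write pcap data to stdout
    # filter  excludes the SSH session that carries the capture itself,
    #         otherwise every packet sent would generate more packets
    printf 'tcpdump -n -i %s -U -w - not tcp port %s' "$iface" "$ssh_port"
}

# Run the capture over SSH and feed it to the local Wireshark.
remote_capture() {
    host=$1
    iface=$2
    ssh_port=${3:-22}
    cmd=$(build_capture_cmd "$iface" "$ssh_port") || return 1
    # BatchMode=yes makes ssh fail instead of prompting, so a missing key
    # or agent shows up as an error rather than a prompt mixed into the pipe.
    ssh -o BatchMode=yes -p "$ssh_port" "root@$host" "$cmd" | wireshark -k -i -
}

# Start a capture only when explicitly asked:
#   sh capture.sh --run 192.168.1.1 igb1
if [ "${1:-}" = "--run" ]; then
    remote_capture "${2:-192.168.1.1}" "${3:-igb1}" "${4:-22}"
fi
```

If sshd on the firewall listens on a non-default port, pass it as the last argument so the capture filter excludes the right session.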
                            • C
                              cmb last edited by

                              Yes, what jimp said. The dependencies required to get Wireshark running are absurdly long and you'll almost certainly break something. tcpdump is there, and all you need on that system.

                              • 2
                                2chemlud Banned last edited by

                                Good time to share this absolutely cool post by Grünsfröschli:

                                https://forum.pfsense.org/index.php?topic=107605.0

                                :-D
