Wireshark/Kali problems

tedjames, Scruffy-looking nerfherdr, Member, Posts: 1,179
I've run Wireshark in a Windows environment with no problem. I recently installed Oracle VM Virtual Box with Kali Linux running on a VM. Everything is 64-bit.

I ran captures with no problem, but every time I attempted to follow TCP Stream, Wireshark crashed. This never happened when I was running Wireshark on Windows. Do you have any idea why it would crash in Kali in a VM?

I ran Wireshark from the command line and went through the same process. When it crashed, the command line displayed the message "Segmentation Fault."

The next day, after logging in to Kali, I updated and upgraded Kali. During the upgrade, I was given the option to allow Wireshark to run in non-administrator mode. I noticed that Wireshark had been updated to version 2.2.2. The day before, it was still on 2.2.0.

After that, it worked fine. I'm guessing, and please correct me if I'm wrong, that attempting to run Wireshark in non-Administrator mode caused the failure and that setting Wireshark to allow non-administrators to run allows me to follow the TCP stream with no problems. Is that correct?

Comments

  • FillAwful, Member, Posts: 119
    When I started reading your thread my first thought was to update Wireshark from the repo and you did that and it seems to have fixed the problem.

    Are you capturing live traffic or just reading .pcap files? Are you root? I may be mistaken in that you have to run Wireshark as root to capture live traffic. When I use Kali I usually am logged in as root. With other distros I tend to run Wireshark as root by default: sudo wireshark &&.

    It seems your problem is resolved and it may very well have been a broken version of Wireshark.
  • tedjames, Scruffy-looking nerfherdr, Member, Posts: 1,179
    I update and upgrade every time I log into Kali Linux, and I always log in as root. When I run it in Windows, I don't run it in root.

    I was capturing live traffic.

    You're probably right about it being a bad version of Wireshark.