Wireshark Capture (Ubuntu & GNS3)

Hey guys... i was looking for some help with capturing packets using Wireshark. I normally use GNS3 on my windows box, but decided to set it up on my Ubuntu machine. When I use GNS3 under Windows, I simply right click the link between 2 routers, hit Capture, choose the Source, and Wireshark launches and displays packets flowing over the link.

When I try doing it on the Ubuntu machine, I right click the link, click Capture, choose the Source, hit OK, and this pops up:

/home/labwork/R3_to_R4.cap is empty, no traffic captured on the link. Try again later

I am running Ubuntu 10.10 and Wireshark is installed.

Under the GNS Preferences, my settings are:

Working directory for capture files:
/home/labwork

Command to launch wireshark or capture file reader:
/usr/bin/wireshark %c

I didn't find anything in the GNS documentation that addresses this and haven't been having much luck on Google...

Any suggestions? Thanx!

Find more posts tagged with

Free for TechExams community: Cybersecurity salary guide

Compare cert salaries and plan your next career move

Button

Comments

Bl8ckr0uter

Are you running wireshark as root (sudo wireshark)?

That would be the first thing I would look at. The second is to make sure you have an interface selected at the top (but if you aren't running as root, you won't see any interfaces).

up2thetime

Bl8ckr0uter wrote: »

Are you running wireshark as root (sudo wireshark)?

That would be the first thing I would look at. The second is to make sure you have an interface selected at the top (but if you aren't running as root, you won't see any interfaces).

Hmmm..

Okay, I wasn't running Wireshark as root...so I went to Terminal and did
sudo wireshark.

This launched wireshark and showed a list of interfaces.

However, when I right click the link between 2 routers in GNS and click Capture, I still receive :
/home/labwork/R3_to_R4.cap is empty, no traffic captured on the link. Try again later

seekrit

Are you running GNS3 as root?

up2thetime

Hey I got it!

Looks like I was just used to the way it worked under Windows (where Wireshark would open once you clicked capture and automatically start showing traffic).

What I did was start the capture under Ubuntu, then right click the link again and click Start Wireshark. Looks like the reason that it gives that error message initially is because there was no traffic on the link (capture file is empty). Once there is something useful, the capture file is no longer empty, and traffic is shown.

Thanks for the responses.

This even works when not running GNS or Wireshark as root.