Wireshark error - Unable to write to standard output

dbeare
Posts: 2
Joined: Wed Nov 29, 2017 12:38 pm

Wireshark error - Unable to write to standard output

Post by dbeare » Wed Nov 29, 2017 1:25 pm

I installed the EVE-NG client side pack on my Windows 7 laptop yesterday and I'm getting an error whenever I try to open a capture on an interface. Wireshark gives me the "Unrecognized libpcap format or libpcap data" error message, and my Plink.exe cmd window shows the error "Unable to write to standard output: The pipe is being closed." I have modified my wireshark_wrapper.bat file with the correct root password. If I modify the wireshark_wrapper.bat and remove the "tcpdump -U -i %INT% -s 0 -w -%FILTER%" | "C:\Program Files\Wireshark\Wireshark.exe" -k -i - portion, my Plink.exe window does log into my EVE server and drops me to the root@eve-ng:~# bash prompt. If I remove the "| "C:\Program Files\Wireshark\Wireshark.exe" -k -i -" portion of the wireshark_wrapper.bat, it appears that the tcpdump is running, but of course, Wireshark doesn't open. On another machine, my OSX box, I'm able to run a capture on any of the interfaces just fine, so I'm not sure if there's something else going on. I've tried uninstalling/reinstalling the EVE-NG pack as well. The EVE-NG server is a bare metal install and I've made sure that everything is updated. Everything else works beautifully, just unable to get wireshark captures working on my Win7 laptop. If anyone has any suggestions, I'd appreciate it. I looked through the forums and couldn't find anyone else with this problem. Moving from VIRL to EVE has been awesome so far, just made the switch last week :)

dbeare
Posts: 2
Joined: Wed Nov 29, 2017 12:38 pm

Re: Wireshark error - Unable to write to standard output

Post by dbeare » Wed Nov 29, 2017 6:40 pm

Ok, so I modified the wireshark_wrapper to use wireshark-gtk.exe instead of wireshark.exe, which is the Legacy version of wireshark, and now it's working just fine. No idea why it wouldn't work with the standard version, but this definitely fixed the issue for me. Hopefully this helps if anyone else has the same issue.

Jerry013
Posts: 3
Joined: Tue Aug 14, 2018 9:06 pm

Re: Wireshark error - Unable to write to standard output

Post by Jerry013 » Sun Jan 27, 2019 12:18 am

Sadly I have the same problem. How did you "modified the wireshark_wrapper to use wireshark-gtk.exe instead of wireshark.exe"? I am new to this, thank you in advance.

Jerry013
Posts: 3
Joined: Tue Aug 14, 2018 9:06 pm

Re: Wireshark error - Unable to write to standard output

Post by Jerry013 » Sun Jan 27, 2019 12:31 am

I tried to modify the wireshark_wrapper file but the laptop stated I don't have rights to do it. If someone else fixed the issue, please let me know how, thanks!

Uldis (UD)
Posts: 5086
Joined: Wed Mar 15, 2017 4:44 pm
Location: London

Re: Wireshark error - Unable to write to standard output

Post by Uldis (UD) » Sun Jan 27, 2019 7:51 am

You cannot edit it because it is under the Program Files dir.
Make a copy of this file in some other place, My Documents...
Then edit it
and copy it back to Program Files (overwrite).
