Wireshark captures nothing - Connection abandoned (SOLVED)

johndoe
Posts: 7
Joined: Sun Dec 08, 2019 2:30 pm

Wireshark captures nothing - Connection abandoned (SOLVED)

Post by johndoe » Sun Dec 08, 2019 3:21 pm

Hello everyone!

I've googled several times and searched this forum but could not find any trace of a solution to my problem.
When I try to start capturing traffic on a link, Wireshark starts up but captures nothing. In the window for wireshark_wrapper.bat I get the following:
https://pasteboard.co/IKjAaLU.png

Strangely enough, it seems no one had an error like this. Maybe it's not even an error, but it certainly looks suspicious...

I'm running EVE-NG on a Windows 10 Corporate machine (VMware Workstation 15 Player). The account is not privileged. I've also tried to disable Windows firewall but it didn't help.
CPU is i5-2310 2.90 GHz, 12 Gb RAM

Login and pass for VM are default so I've changed nothing in .bat file.
Version is current (v2.0.3-102), I've just updated but still no luck.
Last edited by johndoe on Thu Dec 12, 2019 7:53 pm, edited 1 time in total.

Uldis (UD)
Posts: 5067
Joined: Wed Mar 15, 2017 4:44 pm
Location: London

Re: Wireshark captures nothing - Connection abandoned

Post by Uldis (UD) » Mon Dec 09, 2019 1:23 am

Obviously the issue is in that corporate machine's access rights...
EVE makes the Wireshark session using SSH to the EVE VM itself, using root access to the EVE VM.
I am not sure if it's locked for your PC or not..
Well, a solution could be EVE Pro; it has clientless, integrated Wireshark inside of EVE.
No need to make any external connections from local Wireshark to EVE nodes...

BTW, make sure that the EVE root password is set correctly in your wireshark_wrapper.bat!


Uldis

Re: Wireshark captures nothing - Connection abandoned

Post by Uldis (UD) » Wed Dec 11, 2019 3:57 pm

The issue is because you won't read our how-to....
EVE cookbooks, Pro or community:

https://www.eve-ng.net/index.php/docume ... -cookbook/

https://www.eve-ng.net/index.php/docume ... -cookbook/

Uldis

Re: Wireshark captures nothing - Connection abandoned

Post by johndoe » Thu Dec 12, 2019 12:43 pm

Uldis (UD) wrote:
Wed Dec 11, 2019 3:57 pm
The issue is because you won't read our how-to....
EVE cookbooks, Pro or community:

https://www.eve-ng.net/index.php/docume ... -cookbook/

https://www.eve-ng.net/index.php/docume ... -cookbook/

Uldis

Thank you both for the answer, guys. I've double-checked the login and pass in the BAT file, so it's not the culprit.

Uldis, could you please point out where I can find the answer? I've searched the Community Cookbook for "wireshark" and for "permissions" and found only 5.1.2. There's not much information in there and everything seems fine.

Re: Wireshark captures nothing - Connection abandoned

Post by johndoe » Thu Dec 12, 2019 1:38 pm

Ah and speaking of permissions - I've got the same problem on my laptop at work where I have admin rights.

ecze
Posts: 533
Joined: Wed Mar 15, 2017 1:54 pm

Re: Wireshark captures nothing - Connection abandoned

Post by ecze » Thu Dec 12, 2019 3:26 pm

Use PuTTY first to connect to EVE as root.
This error is due to the SSH key not being known by your client PC.

When you successfully connect to EVE using PuTTY, the Wireshark batch file should work......

E.

Re: Wireshark captures nothing - Connection abandoned

Post by johndoe » Thu Dec 12, 2019 7:05 pm

ecze wrote:
Thu Dec 12, 2019 3:26 pm
Use PuTTY first to connect to EVE as root.
This error is due to the SSH key not being known by your client PC.

When you successfully connect to EVE using PuTTY, the Wireshark batch file should work......

E.

Thanks for the suggestion, ecze, but it didn't resolve my issue.
Also, I tried to change the rights for Wireshark to always run it with admin privileges, and that changed nothing either.

Re: Wireshark captures nothing - Connection abandoned

Post by johndoe » Thu Dec 12, 2019 7:31 pm

I've solved the problem with "abandoned connection" by editing wireshark_wrapper.bat.
According to this post https://github.com/HeidiSQL/HeidiSQL/issues/639 plink.exe couldn't start normally with both "-ssh" and "-batch" keys. The solution is to delete "-batch". After that I finally got prompted to save my key to the PC.

BUT Wireshark still captures nothing, I see no frames.

Re: Wireshark captures nothing - Connection abandoned

Post by johndoe » Thu Dec 12, 2019 7:51 pm

SOLVED!

After I've accepted the key I added the "-batch" option again - and voila. Everything works fine!

Re: Wireshark captures nothing - Connection abandoned

Post by johndoe » Thu Dec 12, 2019 8:46 pm

ecze wrote:
Thu Dec 12, 2019 3:26 pm
Use PuTTY first to connect to EVE as root.
This error is due to the SSH key not being known by your client PC.

When you successfully connect to EVE using PuTTY, the Wireshark batch file should work......

E.

Actually I think that this is a better solution to my problem. I thought that connecting to the VM with PuTTY wasn't of great importance and instead connected with SecureCRT.
Should have tried PuTTY, my bad...
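
Added example, not part of the thread or of EVE-NG's own wrapper: a PowerShell check for the condition this thread ran into, where plink with "-batch" refuses to prompt and abandons the connection because the server's host key is not yet in PuTTY's cache. The host address below is constructed, and the `ssh-keygen` key path on the EVE VM is an assumption based on a stock OpenSSH server layout.

```powershell
# PuTTY and plink keep accepted host keys per Windows user, in HKCU.
# Value names look like "<keytype>@<port>:<host>", e.g. "ssh-ed25519@22:192.168.1.50".
# Other SSH clients (SecureCRT, OpenSSH) keep their own stores, so accepting
# the key there does not help plink.
function Get-PlinkCachedHostKey {
    param(
        [Parameter(Mandatory)][string]$HostName,
        [int]$Port = 22
    )
    $keyPath = 'HKCU:\Software\SimonTatham\PuTTY\SshHostKeys'
    if (-not (Test-Path -Path $keyPath)) { return @() }

    # The cache is keyed by the host string exactly as plink is given it,
    # so an entry for the IP does not cover the DNS name and vice versa.
    $suffix = "@${Port}:$HostName"
    @((Get-Item -Path $keyPath).GetValueNames() |
        Where-Object { $_.EndsWith($suffix, [System.StringComparison]::OrdinalIgnoreCase) })
}

# Constructed sample value: replace with the address used in wireshark_wrapper.bat.
$eveHost = '192.168.1.50'

$cached = Get-PlinkCachedHostKey -HostName $eveHost
if ($cached.Count -gt 0) {
    Write-Output "Host key cached for ${eveHost}: $($cached -join ', ')"
    Write-Output 'plink -batch can connect without prompting.'
} else {
    Write-Output "No cached host key for $eveHost under the current Windows user."
    Write-Output 'plink -batch will abandon the connection instead of prompting.'
    Write-Output 'Connect once with PuTTY (or plink without -batch) as this same user,'
    Write-Output 'and compare the fingerprint shown with the one printed on the EVE VM console by:'
    Write-Output '  ssh-keygen -lf /etc/ssh/ssh_host_ed25519_key.pub   (assumed key path)'
}
```

Because the cache lives under HKCU, it must be populated by the same Windows account that later runs the capture wrapper.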
