Wireshark captures nothing - Connection abandoned (SOLVED)
Moderator: mike
-
- Posts: 7
- Joined: Sun Dec 08, 2019 2:30 pm
Wireshark captures nothing - Connection abandoned (SOLVED)
Hello everyone!
I've googled several times and searched this forum but could not find any trace of solution to my problem.
When I try to start capturing traffic on a link, Wireshark starts up but captures nothing. In the window for wireshark_wrapper.bat I get the following:
https://pasteboard.co/IKjAaLU.png
Strange enough, it seems no one had an error like this. Maybe it's not even an error but it certainly looks suspicious...
I'm running EVE-NG on Windows 10 Corporate machine (VMware Workstation 15 Player). Account is not privileged. I've also tried to disable Windows firewall but it didn't help.
CPU is i5-2310 2.90 GHz, 12 Gb RAM
Login and pass for VM are default so I've changed nothing in .bat file.
Version is current (v2.0.3-102), I've just updated but still no luck.
Last edited by johndoe on Thu Dec 12, 2019 7:53 pm, edited 1 time in total.
-
- Posts: 5067
- Joined: Wed Mar 15, 2017 4:44 pm
- Location: London
Re: Wireshark captures nothing - Connection abandoned
obviously issue is in that corporate machine access rights...
eve making wireshark session using ssh to eve vm itself using root access to eve vm.
I am not sure if it's locked for your pc or not..
Well solution could be EVE Pro, it has clientless and integrated wireshark inside of eve.
No need make any external connections from local wireshark to eve nodes...
btw, make sure if in your wireshark_wrapper.bat is correctly set eve root password !
Uldis
-
- Posts: 5067
- Joined: Wed Mar 15, 2017 4:44 pm
- Location: London
Re: Wireshark captures nothing - Connection abandoned
Issue is because you won't read our how to....
eve cookbooks,
Pro
or
community
https://www.eve-ng.net/index.php/docume ... -cookbook/
https://www.eve-ng.net/index.php/docume ... -cookbook/
Uldis
-
- Posts: 7
- Joined: Sun Dec 08, 2019 2:30 pm
Re: Wireshark captures nothing - Connection abandoned
Thank you both for the answer guys. I've double checked login and pass in BAT file so it's not the culprit.
Uldis (UD) wrote: ↑Wed Dec 11, 2019 3:57 pm
Issue is because you won't read our how to....
eve cookbooks,
Pro
or
community
https://www.eve-ng.net/index.php/docume ... -cookbook/
https://www.eve-ng.net/index.php/docume ... -cookbook/
Uldis
Uldis, could you please point out where can I find the answer? I've searched Community Cookbook for "wireshark", for "permissions" and found only 5.1.2. There's not much information in there and everything seems fine.
-
- Posts: 7
- Joined: Sun Dec 08, 2019 2:30 pm
Re: Wireshark captures nothing - Connection abandoned
Ah and speaking of permissions - I've got the same problem on my laptop at work where I have admin rights.
-
- Posts: 533
- Joined: Wed Mar 15, 2017 1:54 pm
Re: Wireshark captures nothing - Connection abandoned
Use putty first to connect to eve as root
This error is due to ssh key not known by your client PC
When you successfully connect eve using putty, wireshark batch file should work......
E.
-
- Posts: 7
- Joined: Sun Dec 08, 2019 2:30 pm
Re: Wireshark captures nothing - Connection abandoned
Thanks for suggestion ecze, but it didn't resolve my issue.
Also I tried to change rights for Wireshark to run it always with admin privilege and that changed nothing too.
-
- Posts: 7
- Joined: Sun Dec 08, 2019 2:30 pm
Re: Wireshark captures nothing - Connection abandoned
I've solved the problem with "abandoned connection" by editing wireshark_wrapper.bat.
According to this post https://github.com/HeidiSQL/HeidiSQL/issues/639 plink.exe couldn't start normally with both "-ssh" and "-batch" keys. The solution is to delete "-batch". After that I've finally got prompted to save my key to PC.
BUT Wireshark still captures nothing, I see no frames.
-
- Posts: 7
- Joined: Sun Dec 08, 2019 2:30 pm
Re: Wireshark captures nothing - Connection abandoned
SOLVED!
After I've accepted the key I added the "-batch" option again - and voila. Everything works fine!
-
- Posts: 7
- Joined: Sun Dec 08, 2019 2:30 pm
Re: Wireshark captures nothing - Connection abandoned
Actually I think that this is a better solution to my problem. I thought that connecting to VM with PuTTY isn't of great importance and instead connected with SecureCRT.
Should have tried PuTTY, my bad...
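Added example (not part of the original thread and not EVE-NG's own wrapper): a PowerShell pre-flight check for the situation resolved above, where plink's "-batch" option abandons the connection because the EVE VM's SSH host key is not yet in PuTTY's per-user cache. The function name and the host address are hypothetical placeholders.

```powershell
# Added example: check PuTTY's host key cache before a wrapper calls "plink -batch".
# PuTTY and plink store accepted host keys per Windows user under this registry key.
# Other SSH clients (SecureCRT, OpenSSH) keep their own stores and do not populate it.
$PuttyHostKeys = 'HKCU:\Software\SimonTatham\PuTTY\SshHostKeys'

function Get-PuttyCachedHostKey {
    # Hypothetical helper: returns the cached key entries for one host and port.
    param(
        [Parameter(Mandatory)] [string] $HostName,
        [int] $Port = 22
    )
    if (-not (Test-Path $PuttyHostKeys)) { return @() }
    # Value names look like "<keytype>@<port>:<host>", e.g. "ssh-ed25519@22:192.0.2.10".
    $suffix = "@${Port}:$HostName"
    $names  = (Get-Item $PuttyHostKeys).GetValueNames()
    return @($names | Where-Object {
        $_.EndsWith($suffix, [System.StringComparison]::OrdinalIgnoreCase)
    })
}

# Constructed sample address (documentation range); replace with your EVE VM's IP,
# written exactly as the wrapper passes it to plink.
$EveHost = '192.0.2.10'

$cached = @(Get-PuttyCachedHostKey -HostName $EveHost)
if ($cached.Count -gt 0) {
    Write-Host "Host key cached for ${EveHost}: $($cached -join ', ')"
    Write-Host 'plink -batch can connect without prompting.'
} else {
    Write-Warning "No PuTTY host key cached for $EveHost under the current user."
    Write-Host 'plink -batch will abandon the connection instead of asking to trust the key.'
    Write-Host 'Connect once with PuTTY (or plink without -batch) and compare the'
    Write-Host 'fingerprint it shows with the output of this command on the VM console'
    Write-Host '(assumes a stock OpenSSH server; the key type may differ):'
    Write-Host '  ssh-keygen -lf /etc/ssh/ssh_host_ed25519_key.pub'
    Write-Host 'Accept the key only if the fingerprints match.'
}
```

The cache is per Windows user, so run the check as the same account that launches the capture. If PuTTY displays an MD5-style fingerprint, add `-E md5` to the `ssh-keygen` command to get a comparable value.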