Wireshark error - Unable to write to standard output
Posted: Wed Nov 29, 2017 1:25 pm
I installed the EVE-NG client side pack on my Windows 7 laptop yesterday and I'm getting an error whenever I try to open a capture on an interface. Wireshark gives me the "Unrecognized libpcap format or libpcap data" error message, and my Plink.exe cmd window shows the error "Unable to write to standard output: The pipe is being closed."

I have modified my wireshark_wrapper.bat file with the correct root password. If I modify the wireshark_wrapper.bat and remove the "tcpdump -U -i %INT% -s 0 -w -%FILTER%" | "C:\Program Files\Wireshark\Wireshark.exe" -k -i - portion, my Plink.exe window does log into my EVE server and drops me to the root@eve-ng:~# bash prompt. If I remove the "| "C:\Program Files\Wireshark\Wireshark.exe" -k -i -" portion of the wireshark_wrapper.bat, it appears that the tcpdump is running, but of course, Wireshark doesn't open.

On another machine, my OSX box, I'm able to run a capture on any of the interfaces just fine, so I'm not sure if there's something else going on. I've tried uninstalling/reinstalling the EVE-NG pack as well. The EVE-NG server is a bare metal install and I've made sure that everything is updated. Everything else works beautifully, just unable to get Wireshark captures working on my Win7 laptop.

If anyone has any suggestions, I'd appreciate it. I looked through the forums and couldn't find anyone else with this problem. Moving from VIRL to EVE has been awesome so far, just made the switch last week.
