Support and News Forum

Hello everyone!

I've googled several times and searched this forum but could not find any trce of solution to my problem.
When I try to start capturing traffic on a link, Wireshark starts up but captures nothing. In the window for wireshark_wrapper.bat I get the following:
https://pasteboard.co/IKjAaLU.png

Strange enough, it seems no one had an error like this. May be it's not even an error but it certainly looks suspicious...

I'm running EVE-NG on Windows 10 Corporate machine (VMware Workstation 15 Player). Account is not privileged. I've also tried to disable Windows firewall but it didn't help.
CPU is i5-2310 2.90 GHz, 12 Gb RAM

Login and pass for VM are default so I've changed nothing in .bat file.
Version is current (v2.0.3-102), I've just updated but still no luck.

obviously issue is in that corporate machine access rights...
eve making wireshark session using ssh to eve vm itself using root access to eve vm.
Iam not sure if its locked for your pc or not..
Well solution could be EVE Pro, it has clientless and integrated wireshark inside of eve.
No need make any external connections from local wireshark to eve nodes...

btw, makes suer if in your wireshark_wrapper.bat is correctly set eve root password !


Uldis

Issue is because you wont read our how to....
eve cookbooks,
Pro
or
community

https://www.eve-ng.net/index.php/docume ... -cookbook/

https://www.eve-ng.net/index.php/docume ... -cookbook/

Uldis

Uldis (UD) wrote: ↑

Wed Dec 11, 2019 3:57 pm

Issue is because you wont read our how to....
eve cookbooks,
Pro
or
community

https://www.eve-ng.net/index.php/docume ... -cookbook/

https://www.eve-ng.net/index.php/docume ... -cookbook/

Uldis

Thank you both for the answer guys. I've double checked login and pass in BAT file so it's not the culprit.

Uldis, could you please point out where can I find the answer? I've searched Community Cookbook for "wireshark", for "permissions" and found only 5.1.2. There's not much information in there and everything seems fine.

Ah and speaking of permissions - I've got the same problem on my laptop at work where I have admin rights.

Use putty first to connect to eve as root
This error is due to ssh key not know by your client PC

When you successfully connect eve using putty, wireshark batch file should works......

E.

ecze wrote: ↑

Thu Dec 12, 2019 3:26 pm

Use putty first to connect to eve as root
This error is due to ssh key not know by your client PC

When you successfully connect eve using putty, wireshark batch file should works......

E.

Thanks for suggestion ecze, but it didn't resolve my issue.
Also I tried to change rights for Wireshark to run it always with admin privilege and that changed nothing too

I've solved the problem with "abandoned connection" by editing wireshark_wrapper.bat.
According to this post https://github.com/HeidiSQL/HeidiSQL/issues/639 plink.exe couldn.t start normally with both "-ssh" and "-batch" keys. The solution is to delete "-batch". After that I've finally got promted to save my key to PC.

BUT Wireshark still captures nothing, I see no frames.

SOLVED!

After I've accepted the key I added the "-batch" option again - and voila. Everything works fine!

ecze wrote: ↑

Thu Dec 12, 2019 3:26 pm

Use putty first to connect to eve as root
This error is due to ssh key not know by your client PC

When you successfully connect eve using putty, wireshark batch file should works......

E.

Actually I think that this is a better solution to my problem. I thought that connecting to VM with PuTTY isn't of great importance and instead connected with SecureCRT.
Should have tried PuTTY, my bad...