Embedded WIreShark not works

tnizharadze · Post by **tnizharadze** » Mon Dec 02, 2019 7:52 pm

Hardware: host config - CPU - Core i5-7500 (4 Cores), 32GB RAM, 1TB HDD, 1 network interface
EVE-NG Running on - VM Work Station (14.X)
VT-X - Enabled
EVE version - 2.0.6 – 17

Hello!
Very often embedded Wireshark doesn`t works. In that situations I see login prompt.
My quetions is:
1. Is it possible to disable embedded wireshark? And continue work like in community edition.
2. If not, can anyone tell me where is a problem?

Thanks for advise.

Code: Select all

root@eve-ng:~# ps ax | grep dock
  3034 ?        Ssl    9:41 /usr/bin/dockerd -H tcp://127.0.0.1:4243 -s overlay2
  3240 ?        Ssl    2:37 docker-containerd -l unix:///var/run/docker/libcontainerd/docker-containerd.sock --metrics-interval=0 --start-timeout 2m --state-dir /var/run/docker/libcontainerd/containerd --shim docker-containerd-shim --runtime docker-runc
 82088 pts/0    S+     0:00 grep --color=auto dock

Code: Select all

Dec 02 22:22:31 INFO: starting /opt/unetlab/wrappers/nsenter -t 72541 -n sysctl -w net.ipv6.conf.eth1.disable_ipv6=1
Dec 02 22:22:31 INFO: starting /opt/unetlab/wrappers/nsenter -t 72541 -n ip addr add 172.17.180.217/16 dev eth1
Dec 02 22:22:31 INFO: starting ip link set netns 72541 docker0_1050624 name eth1 address 50:00:00:10:08:00 up
Dec 02 22:22:31 INFO: starting docker -H=tcp://127.0.0.1:4243 inspect --format "{{ .State.Pid }}" Capture-1050624
Dec 02 22:22:31 INFO: starting brctl addif docker0 rdp_1050624
Cannot find device "rdp_1050624"
Dec 02 22:22:31 INFO: starting ip link delete rdp_1050624
Dec 02 22:22:31 INFO: starting docker -H=tcp://127.0.0.1:4243 inspect --format "{{ .State.Pid }}" Capture-1050624
Dec 02 22:22:31 INFO: sysctl -w net.ipv6.conf.dcap_1050624.disable_ipv6=1
Dec 02 22:22:31 INFO: sysctl -w net.ipv6.conf.cap_1050624.disable_ipv6=1
Dec 02 22:22:31 INFO: starting ip link set dev cap_1050624 up
Dec 02 22:22:31 INFO: starting ip link add dcap_1050624 type veth peer name cap_1050624
Cannot find device "cap_1050624"
Dec 02 22:22:31 INFO: starting ip link delete cap_1050624
Dec 02 22:22:31 INFO: started process is
Dec 02 22:22:31 INFO: starting docker -H=tcp://127.0.0.1:4243 start Capture-1050624
Dec 02 22:22:30 INFO: starting docker -H=tcp://127.0.0.1:4243 create --shm-size 1G --privileged -ti --net=none --name=Capture-1050624 -h Capture-vunl1_0_2_0 eve-wireshark
RTNETLINK answers: Invalid argument
We have an error talking to the kernel
RTNETLINK answers: Invalid argument
We have an error talking to the kernel
RTNETLINK answers: Invalid argument
Error: No such object: Capture-1050624
Dec 02 22:22:30 Dec 02 22:22:30 Online Check state: Valid

eve.png

Uldis (UD) · Post by **Uldis (UD)** » Tue Dec 03, 2019 9:10 pm

did you install dockers?
check on cli

Code: Select all

root@eve-ng:~# dc images
REPOSITORY          TAG                 IMAGE ID            CREATED             SIZE
eve-wireshark       latest              413aae02d43d        2 days ago          1.62GB
eve-firefox         latest              8882ac260c1f        2 days ago          2.15GB
eve-gui-server      latest              35d3676ee350        2 days ago          3.67GB
eve-desktop         latest              b041a187ded9        2 days ago          3GB
dockergui-rdp       latest              be03f3b46439        2 days ago          1.29GB
root@eve-ng:~#

It must be like this...

tnizharadze · Post by **tnizharadze** » Thu Dec 05, 2019 6:21 pm

Of course. All images was installed.

Code: Select all

root@eve-ng:~# dc images
REPOSITORY          TAG                 IMAGE ID            CREATED             SIZE
eve-wireshark       latest              30034d8ba890        3 weeks ago         1.14GB
eve-firefox         latest              95bd9004b627        3 weeks ago         1.69GB
eve-desktop         latest              40bba6e232ea        3 weeks ago         2.61GB
eve-gui-server      latest              bccd88e41cee        3 weeks ago         3.34GB
dockergui-rdp       latest              7be029f6be34        3 weeks ago         742MB

Besides I wrote, that it often doesn`t works. It means that it works sometimes.

A problem occurs, I propose, when lab is turnet on for 1 or 2 days.

Uldis (UD) · Post by **Uldis (UD)** » Thu Dec 05, 2019 6:38 pm

if your lab is turned on 2-10 days,
be so kind and relogin to the eve web .. Main EVE Web
html sessions are short time access...

tnizharadze · Post by **tnizharadze** » Sat Dec 07, 2019 8:47 am

That's not a case. Relogin doesn't solve a problem. Solves only VM restart.
So, is there any posibility to disable embedded Wireshark?

Thanks alot.

Uldis (UD) · Post by **Uldis (UD)** » Sat Dec 07, 2019 2:24 pm

no, embedded wireshark works flwless until you had not tuned eve itself or browsers.
Recommended browsers are chrome and firefox.
Another issue is if you loose connection to EVE then it will happen as well..
This happens if EVE access is used over VPN or online..
and if your session was open and then you got disconnect to eve, then this sessin terminates.. and need relogin in EVE web itself again

Post by **ecze** » Wed Dec 11, 2019 5:21 pm

login issue when you click on any html5 console "logout" button

Indeed, when you stop a node on a topology with html5 console still open, you see

Screenshot 2019-12-11 at 18.18.24.png

if you click logout, then all html5 session will be locked with screen like:

Screenshot 2019-12-11 at 18.20.04.png

Do not click on logout....

E.

Support and News Forum

Embedded WIreShark not works

Embedded WIreShark not works

Re: Embedded WIreShark not works

Re: Embedded WIreShark not works

Re: Embedded WIreShark not works

Re: Embedded WIreShark not works

Re: Embedded WIreShark not works

Re: Embedded WIreShark not works