Wireshark on eve-ng pro

Moderator: mike

kiteboy
Posts: 42
Joined: Wed Feb 12, 2020 7:43 am
Location: UK
Contact:

Wireshark on eve-ng pro

Post by kiteboy » Wed Jul 13, 2022 4:32 pm

Do anyone no how to stop this opening up a window in eve and running a version that this nested so to speak.

I want it to work like it did with eve community and fire up Wireshark on my local machine.
reason being I want to easily be able to save capture and change setting permanently in Wireshark

Uldis (UD)
Posts: 5067
Joined: Wed Mar 15, 2017 4:44 pm
Location: London
Contact:

Re: Wireshark on eve-ng pro

Post by Uldis (UD) » Mon Jul 18, 2022 5:54 am

No,
EVE Pro only integrated Wireshark due the security reasons

Soter
Posts: 8
Joined: Wed Dec 13, 2017 6:12 pm

Re: Wireshark on eve-ng pro

Post by Soter » Fri Sep 23, 2022 9:17 am

Uldis (UD) wrote:
Mon Jul 18, 2022 5:54 am
No,
EVE Pro only integrated Wireshark due the security reasons
Hi I also think this feels wrong, not having the desktop wireshark available, as the embedded wireshark takes up too much space, and just feels limmited.
So what security reasons might that be? I mean most users use Eve-ng as a closed testing, or POC enviroment and never in any production.

Br. Soter

Uldis (UD)
Posts: 5067
Joined: Wed Mar 15, 2017 4:44 pm
Location: London
Contact:

Re: Wireshark on eve-ng pro

Post by Uldis (UD) » Fri Sep 23, 2022 7:28 pm

EVE Pro have only integrated docker wireshark

aldro
Posts: 12
Joined: Wed Sep 14, 2022 1:17 pm

Re: Wireshark on eve-ng pro

Post by aldro » Wed Oct 12, 2022 11:21 am

Hello, Colleagues.
I run the wireshark built into eve-ng pro,
then forgetting to stop and close it, I closed the window with the eve-ng WEB interface.
Please tell me where the collected traffic is stored and the Wireshark instance is not closed to clear it from HD?
it seems to me that it took up quite a lot of space

kiteboy
Posts: 42
Joined: Wed Feb 12, 2020 7:43 am
Location: UK
Contact:

Re: Wireshark on eve-ng pro

Post by kiteboy » Wed Oct 19, 2022 9:40 pm

#############
Last edited by kiteboy on Wed Oct 19, 2022 9:53 pm, edited 2 times in total.

Uldis (UD)
Posts: 5067
Joined: Wed Mar 15, 2017 4:44 pm
Location: London
Contact:

Re: Wireshark on eve-ng pro

Post by Uldis (UD) » Wed Oct 19, 2022 9:41 pm

aldro wrote:
Wed Oct 12, 2022 11:21 am
Hello, Colleagues.
I run the wireshark built into eve-ng pro,
then forgetting to stop and close it, I closed the window with the eve-ng WEB interface.
Please tell me where the collected traffic is stored and the Wireshark instance is not closed to clear it from HD?
it seems to me that it took up quite a lot of space
Please read the eve pro cookbook sometimes, there is explained how to store wireshark files from eve labs

kiteboy
Posts: 42
Joined: Wed Feb 12, 2020 7:43 am
Location: UK
Contact:

Re: Wireshark on eve-ng pro

Post by kiteboy » Wed Oct 19, 2022 9:52 pm

I still thing the pro version behaviour here is less prefered than the community version
Now on Pro I canont run wireshark at all

Appart from this one thing great work though




##############################
SLIM APPLICATION ERROR
The application could not run because of the following error:

DETAILS
Type: ErrorException
Code: 8
Message: Undefined offset: 0
File: /opt/unetlab/html/includes/api_capture.php
Line: 99
TRACE
#0 /opt/unetlab/html/includes/api_capture.php(99): Slim\Slim::handleErrors()
#1 /opt/unetlab/html/api.php(1575): apiCapture()
#2 /opt/unetlab/html/includes/Slim/Route.php(468): {closure}()
#3 /opt/unetlab/html/includes/Slim/Slim.php(1357): Slim\Route->dispatch()
#4 /opt/unetlab/html/includes/Slim/Middleware/Flash.php(85): Slim\Slim->call()
#5 /opt/unetlab/html/includes/Slim/Middleware/MethodOverride.php(92): Slim\Middleware\Flash->call()
#6 /opt/unetlab/html/includes/Slim/Middleware/PrettyExceptions.php(67): Slim\Middleware\MethodOverride->call()
#7 /opt/unetlab/html/includes/Slim/Slim.php(1302): Slim\Middleware\PrettyExceptions->call()
#8 /opt/unetlab/html/api.php(2476): Slim\Slim->run()
#9 {main}

Uldis (UD)
Posts: 5067
Joined: Wed Mar 15, 2017 4:44 pm
Location: London
Contact:

Re: Wireshark on eve-ng pro

Post by Uldis (UD) » Wed Oct 19, 2022 9:54 pm

YOU HAVE NOT installed EVE Pro dockers at all !!
it is mandatory

apt update
apt install eve-ng-dockers

kiteboy
Posts: 42
Joined: Wed Feb 12, 2020 7:43 am
Location: UK
Contact:

Re: Wireshark on eve-ng pro

Post by kiteboy » Mon Feb 06, 2023 9:54 pm

Hi Uldis

Thanks this was working and has stoped , I will try installing the dockers but .....
not supporting external wireshark is a step backwards between community >> professional.
There are good reasons to want this external, plugins and disectors for wireshark.
I do not buy the security reasons explaination, this is a product I run in my own lab, there cannot be any "security issues ".

Regards

Simon

Post Reply