Page 1 of 2
Wireshark on eve-ng pro
Posted: Wed Jul 13, 2022 4:32 pm
by kiteboy
Do anyone no how to stop this opening up a window in eve and running a version that this nested so to speak.
I want it to work like it did with eve community and fire up Wireshark on my local machine.
reason being I want to easily be able to save capture and change setting permanently in Wireshark
Re: Wireshark on eve-ng pro
Posted: Mon Jul 18, 2022 5:54 am
by Uldis (UD)
No,
EVE Pro only integrated Wireshark due the security reasons
Re: Wireshark on eve-ng pro
Posted: Fri Sep 23, 2022 9:17 am
by Soter
Uldis (UD) wrote: ↑Mon Jul 18, 2022 5:54 am
No,
EVE Pro only integrated Wireshark due the security reasons
Hi I also think this feels wrong, not having the desktop wireshark available, as the embedded wireshark takes up too much space, and just feels limmited.
So what security reasons might that be? I mean most users use Eve-ng as a closed testing, or POC enviroment and never in any production.
Br. Soter
Re: Wireshark on eve-ng pro
Posted: Fri Sep 23, 2022 7:28 pm
by Uldis (UD)
EVE Pro have only integrated docker wireshark
Re: Wireshark on eve-ng pro
Posted: Wed Oct 12, 2022 11:21 am
by aldro
Hello, Colleagues.
I run the wireshark built into eve-ng pro,
then forgetting to stop and close it, I closed the window with the eve-ng WEB interface.
Please tell me where the collected traffic is stored and the Wireshark instance is not closed to clear it from HD?
it seems to me that it took up quite a lot of space
Re: Wireshark on eve-ng pro
Posted: Wed Oct 19, 2022 9:40 pm
by kiteboy
#############
Re: Wireshark on eve-ng pro
Posted: Wed Oct 19, 2022 9:41 pm
by Uldis (UD)
aldro wrote: ↑Wed Oct 12, 2022 11:21 am
Hello, Colleagues.
I run the wireshark built into eve-ng pro,
then forgetting to stop and close it, I closed the window with the eve-ng WEB interface.
Please tell me where the collected traffic is stored and the Wireshark instance is not closed to clear it from HD?
it seems to me that it took up quite a lot of space
Please read the eve pro cookbook sometimes, there is explained how to store wireshark files from eve labs
Re: Wireshark on eve-ng pro
Posted: Wed Oct 19, 2022 9:52 pm
by kiteboy
I still thing the pro version behaviour here is less prefered than the community version
Now on Pro I canont run wireshark at all
Appart from this one thing great work though
##############################
SLIM APPLICATION ERROR
The application could not run because of the following error:
DETAILS
Type: ErrorException
Code: 8
Message: Undefined offset: 0
File: /opt/unetlab/html/includes/api_capture.php
Line: 99
TRACE
#0 /opt/unetlab/html/includes/api_capture.php(99): Slim\Slim::handleErrors()
#1 /opt/unetlab/html/api.php(1575): apiCapture()
#2 /opt/unetlab/html/includes/Slim/Route.php(468): {closure}()
#3 /opt/unetlab/html/includes/Slim/Slim.php(1357): Slim\Route->dispatch()
#4 /opt/unetlab/html/includes/Slim/Middleware/Flash.php(85): Slim\Slim->call()
#5 /opt/unetlab/html/includes/Slim/Middleware/MethodOverride.php(92): Slim\Middleware\Flash->call()
#6 /opt/unetlab/html/includes/Slim/Middleware/PrettyExceptions.php(67): Slim\Middleware\MethodOverride->call()
#7 /opt/unetlab/html/includes/Slim/Slim.php(1302): Slim\Middleware\PrettyExceptions->call()
#8 /opt/unetlab/html/api.php(2476): Slim\Slim->run()
#9 {main}
Re: Wireshark on eve-ng pro
Posted: Wed Oct 19, 2022 9:54 pm
by Uldis (UD)
YOU HAVE NOT installed EVE Pro dockers at all !!
it is mandatory
apt update
apt install eve-ng-dockers
Re: Wireshark on eve-ng pro
Posted: Mon Feb 06, 2023 9:54 pm
by kiteboy
Hi Uldis
Thanks this was working and has stoped , I will try installing the dockers but .....
not supporting external wireshark is a step backwards between community >> professional.
There are good reasons to want this external, plugins and disectors for wireshark.
I do not buy the security reasons explaination, this is a product I run in my own lab, there cannot be any "security issues ".
Regards
Simon