Wireshark on eve-ng pro
Moderator: mike
-
- Posts: 42
- Joined: Wed Feb 12, 2020 7:43 am
- Location: UK
- Contact:
Wireshark on eve-ng pro
Does anyone know how to stop this opening up a window in eve and running a version that is nested, so to speak?
I want it to work like it did with eve community and fire up Wireshark on my local machine.
Reason being, I want to easily be able to save captures and change settings permanently in Wireshark.
-
- Posts: 5080
- Joined: Wed Mar 15, 2017 4:44 pm
- Location: London
- Contact:
Re: Wireshark on eve-ng pro
No,
EVE Pro only integrated Wireshark due to security reasons
-
- Posts: 8
- Joined: Wed Dec 13, 2017 6:12 pm
Re: Wireshark on eve-ng pro
Hi, I also think this feels wrong, not having the desktop Wireshark available, as the embedded Wireshark takes up too much space and just feels limited.
Uldis (UD) wrote: ↑Mon Jul 18, 2022 5:54 am
No,
EVE Pro only integrated Wireshark due to security reasons
So what security reasons might that be? I mean, most users use Eve-ng as a closed testing or POC environment and never in any production.
Br. Soter
-
- Posts: 5080
- Joined: Wed Mar 15, 2017 4:44 pm
- Location: London
- Contact:
Re: Wireshark on eve-ng pro
EVE Pro has only integrated Docker Wireshark
-
- Posts: 12
- Joined: Wed Sep 14, 2022 1:17 pm
Re: Wireshark on eve-ng pro
Hello, Colleagues.
I run the wireshark built into eve-ng pro,
then forgetting to stop and close it, I closed the window with the eve-ng WEB interface.
Please tell me where the collected traffic is stored and the Wireshark instance is not closed to clear it from HD?
it seems to me that it took up quite a lot of space
-
- Posts: 42
- Joined: Wed Feb 12, 2020 7:43 am
- Location: UK
- Contact:
Re: Wireshark on eve-ng pro
#############
Last edited by kiteboy on Wed Oct 19, 2022 9:53 pm, edited 2 times in total.
-
- Posts: 5080
- Joined: Wed Mar 15, 2017 4:44 pm
- Location: London
- Contact:
Re: Wireshark on eve-ng pro
Please read the eve pro cookbook sometimes, there is explained how to store wireshark files from eve labsaldro wrote: ↑Wed Oct 12, 2022 11:21 am
Hello, Colleagues.
I run the wireshark built into eve-ng pro,
then forgetting to stop and close it, I closed the window with the eve-ng WEB interface.
Please tell me where the collected traffic is stored and the Wireshark instance is not closed to clear it from HD?
it seems to me that it took up quite a lot of space
-
- Posts: 42
- Joined: Wed Feb 12, 2020 7:43 am
- Location: UK
- Contact:
Re: Wireshark on eve-ng pro
I still think the Pro version behaviour here is less preferred than the community version.
Now on Pro I cannot run Wireshark at all.
Apart from this one thing, great work though.
##############################
SLIM APPLICATION ERROR
The application could not run because of the following error:
DETAILS
Type: ErrorException
Code: 8
Message: Undefined offset: 0
File: /opt/unetlab/html/includes/api_capture.php
Line: 99
TRACE
#0 /opt/unetlab/html/includes/api_capture.php(99): Slim\Slim::handleErrors()
#1 /opt/unetlab/html/api.php(1575): apiCapture()
#2 /opt/unetlab/html/includes/Slim/Route.php(468): {closure}()
#3 /opt/unetlab/html/includes/Slim/Slim.php(1357): Slim\Route->dispatch()
#4 /opt/unetlab/html/includes/Slim/Middleware/Flash.php(85): Slim\Slim->call()
#5 /opt/unetlab/html/includes/Slim/Middleware/MethodOverride.php(92): Slim\Middleware\Flash->call()
#6 /opt/unetlab/html/includes/Slim/Middleware/PrettyExceptions.php(67): Slim\Middleware\MethodOverride->call()
#7 /opt/unetlab/html/includes/Slim/Slim.php(1302): Slim\Middleware\PrettyExceptions->call()
#8 /opt/unetlab/html/api.php(2476): Slim\Slim->run()
#9 {main}
-
- Posts: 5080
- Joined: Wed Mar 15, 2017 4:44 pm
- Location: London
- Contact:
Re: Wireshark on eve-ng pro
YOU HAVE NOT installed EVE Pro dockers at all !!
it is mandatory
apt update
apt install eve-ng-dockers
-
- Posts: 42
- Joined: Wed Feb 12, 2020 7:43 am
- Location: UK
- Contact:
Re: Wireshark on eve-ng pro
Hi Uldis
Thanks, this was working and has stopped, I will try installing the dockers but .....
not supporting external Wireshark is a step backwards between community >> professional.
There are good reasons to want this external: plugins and dissectors for Wireshark.
I do not buy the security reasons explanation, this is a product I run in my own lab, there cannot be any "security issues".
Regards
Simon