Wireshark mailing list archives

Previous By Date Next
Previous By Thread Next

Re: nflog in qt and gtk

From: Peter Wu <peter () lekensteyn nl>
Date: Fri, 19 Dec 2014 12:35:47 +0100
On Friday 19 December 2014 11:55:47 Dario Lombardo wrote:

On Fri, Dec 19, 2014 at 11:44 AM, Peter Wu <peter () lekensteyn nl> wrote:



Nope, it won't work at the moment. The problem is that NFLOG can only be
opened by one user which is a kernel limitation. From
net/netfilter/nfnetlink_log.c:

        inst = instance_lookup_get(log, group_num);
        if (inst && inst->peer_portid != NETLINK_CB(skb).portid) {
                ret = -EPERM;
                goto out_put;
        }



When wireshark-qt waits in the main screen, it shows a graph for each
interface. Is it generated by "dumpcap -S -Z none"? When capture starts,
those graphs are not shown anymore. Wouldn't be a solution to kill "dumpcap
-S -Z none" when in capture and re-run it again when in home screen?


Kill statistics before starting the capture? Sounds fine to me, though I
am not sure whether it has other side-effects. The Capture -> Options
dialog is another place where these stats are visible.
-- 
Kind regards,
Peter
https://lekensteyn.nl

___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request () wireshark org?subject=unsubscribe
Previous By Date Next
Previous By Thread Next

Current thread: