Wireshark mailing list archives

Mechanism used by Wireshark to list Interfaces for Monitoring


From: Jay Flow <jayflow4780 () gmail com>
Date: Tue, 15 Jul 2014 10:12:17 -0500

I am trying to understand the process as to how Wireshark version 1.10.8,
running on Fedora 10 64-bit, determines which interfaces it can use to
monitor traffic.  I have a Riverbed TurboCAP board installed, along with
its drivers and using a terminal level command I can verify the eight
TurboCAP Ethernet interfaces are active.  Nevertheless, Wireshark does not
show the eight TurboCAP interfaces.  Initially, Wireshark did not show the
onboard eth0 interface either, but after performing an “ifup eth0” command,
Wireshark was able to list it as an interface it could use.


I did read a FAQ on the Wireshark website which implied I may have to
create a Wireshark group, change its permissions and ensure that only the
root or a user in the Wireshark group could start Wireshark.  I also read
that I may have to check the kernel has this configuration statement,
“packet socket= enabled”.  I will look into this but I’m not sure this will
resolve this issue.  Prior to installing Wireshark ver 1.10.8, I did have
an earlier version of Wireshark working and it was able to list all of the
eight TurboCAP interfaces and eth0, but I had to install a later version of
Wireshark in order to support LUA and when I removed the earlier version of
Wireshark, that’s when various issues arose.  Using the yum command I
removed the previous version of Wireshark but due to subsequent dependency
issues I had to spend a significant amount of time identifying what
packages were needed to install the source package for Wireshark ver.
1.10.8.  After all was said and done, I basically ended up installing the
Qt package to get past an error “configure: error: Qt is not available” and
I finally was able to install the source package for Wireshark 1.10.8, but
without access to the TurboCAP interfaces.


The TurboCAP board comes with these software components:



   1. Kernel-2.6.27.12-170.2.5.preemptive.kernel.kt.fc10.x86_64.rpm
   2. Kernel-devel-2.6.27.12.-170.2.5.preemptive.kernel.kt.fc10.x86_64.rpm
   3. Kernel-frimware-2.6.27.12.-170.2.5.preemptive.kernel.kt.fc10.x86_64.rpm
   4. Kernel-headers-2.6.27.12.-170.2.5.preemptive.kernel.kt.fc10.x86_64.rpm
   5. Libpcap-1.0.0-tc_17.fc10.x86_64.rpm
   6. Libpcap-devel-1.0.0-tc_17.fc10.x86_64.rpm
   7. Turbocap-1.6.2117-1.fc10.x86_64.rpm
   8. Turbocap-module-2.6.27.12-170.2.5.preemptive.kernel.kt.fc10-1.6.2117-1.fc10.x86_64.rpm


Only items #1, #3, #7, and #8 are needed to support the overall
functionality of the TurboCAP board.  I later installed items #2 and #4,
prior to installing the driver for the onboard NIC, eth0.  I believe those
software components were needed because prior to that when I installed the
onboard NIC driver, it would break something and I could no longer pull up
the TurboCAP interfaces via the special command, “tcscandev -v”.  I am past
that point and know how to get the onboard Ethernet NIC driver to work
along with the driver for the TurboCAP board interfaces, but this latest
issue now is blocking everything I had working.


I am a Linux novice but know enough to be dangerous, which can be good or
bad.  I realize this is a complicated issue and there’s more to this whole
process but all I’m looking for is any guide or advice, on where to go to
find out how Wireshark determines which interfaces it will list as
available interfaces for it to capture and monitor traffic.  Thanks in
advance for any help.


-= Jesse
___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-users