Wireshark mailing list archives

Re: How to rid of queries swamping logs in non-online Wireshark


From: Miroslav Rovis <miro.rovis () croatiafidelis hr>
Date: Tue, 29 Mar 2016 15:12:39 +0200

On 160321-10:54-0400, Jeff Morriss wrote:
On Sat, Mar 19, 2016 at 10:53 AM, Miroslav Rovis <
miro.rovis () croatiafidelis hr> wrote:

Hi!

Hi!
You already helped me with the important link, after which I can't stop
decrypting SSL ;-) :
The SSL tcp stream decoding in Users' Manual?
https://www.wireshark.org/lists/wireshark-users/201509/msg00011.html
And I thanked you here:
(8644 views currently)
SSL Decode & My Hard-Earned Advice for SPDY/HTTP2 in Firefox
https://forums.gentoo.org/viewtopic-t-1029408.html#7819968
(and mentioned you later as well, when I found you among the top
Wireshark developers, but can't find that page on Gentoo Forums quickly)

However, two things.

This, the first thing:
Here is a recent log:

Mar 19 15:07:01 g5n kernel: [10907.301170] grsec: (miro:U:/) exec of /usr/bin/dumpcap (/usr/bin/dumpcap -S -Z none ) by /usr/bin/dumpcap[wireshark:11319] uid/euid:1000/1000 gid/egid:1000/1000, parent /usr/bin/wireshark[wireshark:12197] uid/euid:1000/1000 gid/egid:1000/1000


[...]

has stopped. So it could be something else the reason, as I run dumpcap
from normal user terminal, via sudo.

And back at the time of that periodically occurring kind of log swamping
by Wireshark, I wasn't even running dumpcap...

So it must be something else missing in the picture. The next time it
occurs, if it does, I'll be back to tell about it.


Wireshark is starting dumpcap periodically to check the status of the
interfaces (and also get statistics from them).  I think the only way
you'll be able to disable this (from the Wireshark side) is to make it so
you don't have permission to start dumpcap (from Wireshark).  Obviously
this conflicts with your use of dumpcap (as the same user) to actually
capture.

I suppose a simpler method would be to simply rename dumpcap to something
you'll know but Wireshark won't, e.g., `dumpcap-real`.

And the second thing is, I kept looking if there were replies for a day
or two, and then I thought I put a stupid question, and that nobody
would reply.

Thanks, Jeff, you're one of my heroes, and Wireshark is great! (If only
I had such understanding to be able to contribute... I hope at least
when I post about it, I attract a few newbies...)

Regards!
-- 
Miroslav Rovis
Zagreb, Croatia
http://www.CroatiaFidelis.hr
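Before renaming dumpcap as Jeff suggests, it helps to confirm that the exec lines flooding the log really are Wireshark's periodic interface polling and not one's own captures. The script below is an added example, not part of this thread or of Wireshark: it parses grsec "exec of" lines in the format quoted above (the regex assumes that layout) and groups dumpcap execs by parent process; the sample log lines in it are constructed.

```python
import re
from collections import Counter

# Matches grsecurity "exec of" audit lines laid out like the one quoted in the
# thread: exec of <path> (<argv>) by <bin>[<comm>:<pid>] ..., parent <bin>[<comm>:<pid>] ...
GRSEC_EXEC_RE = re.compile(
    r"grsec: \(.*?\) exec of (?P<path>\S+) \(.*?\) by "
    r"(?P<self>\S+?)\[(?P<self_comm>[^:\]]+):(?P<self_pid>\d+)\] .*?"
    r"parent (?P<parent>\S+?)\[(?P<parent_comm>[^:\]]+):(?P<parent_pid>\d+)\]"
)

# Constructed sample lines (assumed format, not real captures from the thread):
# two polls spawned by one Wireshark GUI process, one manual sudo run, one unrelated exec.
SAMPLE_LOG = """\
Mar 19 15:07:01 g5n kernel: [10907.301170] grsec: (miro:U:/) exec of /usr/bin/dumpcap (/usr/bin/dumpcap -S -Z none ) by /usr/bin/dumpcap[wireshark:11319] uid/euid:1000/1000 gid/egid:1000/1000, parent /usr/bin/wireshark[wireshark:12197] uid/euid:1000/1000 gid/egid:1000/1000
Mar 19 15:07:02 g5n kernel: [10908.301170] grsec: (miro:U:/) exec of /usr/bin/dumpcap (/usr/bin/dumpcap -S -Z none ) by /usr/bin/dumpcap[wireshark:11320] uid/euid:1000/1000 gid/egid:1000/1000, parent /usr/bin/wireshark[wireshark:12197] uid/euid:1000/1000 gid/egid:1000/1000
Mar 19 15:07:10 g5n kernel: [10916.001170] grsec: (miro:U:/) exec of /usr/bin/dumpcap (/usr/bin/dumpcap -i eth0 -w /tmp/cap.pcapng ) by /usr/bin/dumpcap[sudo:11400] uid/euid:0/0 gid/egid:0/0, parent /usr/bin/sudo[sudo:11399] uid/euid:0/0 gid/egid:0/0
Mar 19 15:07:11 g5n kernel: [10917.001170] grsec: (miro:U:/) exec of /bin/ls (/bin/ls ) by /bin/ls[bash:11500] uid/euid:1000/1000 gid/egid:1000/1000, parent /bin/bash[bash:11000] uid/euid:1000/1000 gid/egid:1000/1000
"""

def dumpcap_exec_by_parent(lines):
    """Count dumpcap exec events per (parent binary, parent PID).

    Wireshark's interface polling appears as repeated execs from one long-lived
    /usr/bin/wireshark parent; a manual `sudo dumpcap` appears once, with sudo as parent.
    """
    counts = Counter()
    for line in lines:
        m = GRSEC_EXEC_RE.search(line)
        if m and m.group("path").endswith("/dumpcap"):
            counts[(m.group("parent"), m.group("parent_pid"))] += 1
    return counts

def classify(counts, min_polls=2):
    """Label each parent: repeated execs from a wireshark binary are GUI polling noise,
    anything else is a manual capture worth keeping in the log."""
    labels = {}
    for (path, pid), n in counts.items():
        noise = path.endswith("/wireshark") and n >= min_polls
        labels[f"{path}[{pid}]"] = "wireshark interface polling" if noise else "manual capture"
    return labels

if __name__ == "__main__":
    counts = dumpcap_exec_by_parent(SAMPLE_LOG.splitlines())
    for parent, label in classify(counts).items():
        print(f"{parent}: {counts[tuple(parent[:-1].split('['))]} exec(s), {label}")
```

Feed it the output of `dmesg` or the relevant syslog file to see how much of the volume comes from the GUI's polling versus captures you started yourself.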

Attachment: signature.asc
___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users () wireshark org>
Archives:    https://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
             mailto:wireshark-users-request () wireshark org?subject=unsubscribe
