Wireshark mailing list archives
Re: How to rid of queries swamping logs in non-online Wireshark
From: Miroslav Rovis <miro.rovis () croatiafidelis hr>
Date: Wed, 30 Mar 2016 07:21:26 +0200
On 160329-11:29-0400, Jeff Morriss wrote:
On Tue, Mar 29, 2016 at 9:12 AM, Miroslav Rovis < miro.rovis () croatiafidelis hr> wrote:On 160321-10:54-0400, Jeff Morriss wrote:On Sat, Mar 19, 2016 at 10:53 AM, Miroslav Rovis < miro.rovis () croatiafidelis hr> wrote:Hi!Hi! You already helped me with the important link, after which I can't stop decrypting SSL ;-) : The SSL tcp stream decoding in Users' Manual? https://www.wireshark.org/lists/wireshark-users/201509/msg00011.htmlYou mean add the SSL decoding stuff to the manual (rather than just in the Wiki)? I'm a bit hesitant to duplicate information--especially given how helping others.) >
Of course not good duplicating. You helped me by giving me that link.
This, the first thing:Here is a recent log: Mar 19 15:07:01 g5n kernel: [10907.301170] grsec: (miro:U:/) exec of /usr/bin/dumpcap (/usr/bin/dumpcap -S -Z none ) by /usr/bin/dumpcap[wireshark:11319] uid/euid:1000/1000gid/egid:1000/1000,parent /usr/bin/wireshark[wireshark:12197] uid/euid:1000/1000 gid/egid:1000/1000[...]has stopped. So it could be something else the reason, as I run dumpcap from normal user terminal, via sudo. And back at the time of that periodically occuring kind of log swamping by Wireshark, I wasn't even running dumpcap... So it must be something else missing in the picture. The next time it occurs, if it does, I'll be back to tell about it.OK, I was thinking that Wireshark (the GUI) was periodically running dumpcap. I know it does at least at startup but I don't know how it gets the interface statistics (the sparklines next to the interfaces in the Qt UI)--I assumed it was running it periodically.
Will be back here if it happens again. Why it happened know even less than you. Especially since it's not happened since then.
And the second thing is, I kept looking if there were replies for a dayor two, and then I thought I put a stupid question, and that nobody would reply.Do you mean that you didn't get a copy of the reply?
Oh I did. I just quit looking after a day or two for the reply. My fault! I should have.
Are you subscribed to the list?
Of course I am.
If not it's generally a good idea to tell people to be sure to Cc: you on their reply otherwise they will reply just to the list (that's the default behavior for the list)--and you'll only see the reply if you go searching in the list archives. Thanks, Jeff, you're one of my heroes, and Wireshark is great! (If onlyI had such understanding to be able to contribute... I hope at least when I post about it, I attract a few newbies...)No problem. :-)
Thanks again! -- Miroslav Rovis Zagreb, Croatia http://www.CroatiaFidelis.hr
Attachment:
signature.asc
Description:
___________________________________________________________________________ Sent via: Wireshark-users mailing list <wireshark-users () wireshark org> Archives: https://www.wireshark.org/lists/wireshark-users Unsubscribe: https://wireshark.org/mailman/options/wireshark-users mailto:wireshark-users-request () wireshark org?subject=unsubscribe
Current thread:
- How to rid of queries swamping logs in non-online Wireshark Miroslav Rovis (Mar 19)
- Re: How to rid of queries swamping logs in non-online Wireshark Jeff Morriss (Mar 21)
- Re: How to rid of queries swamping logs in non-online Wireshark Miroslav Rovis (Mar 29)
- Re: How to rid of queries swamping logs in non-online Wireshark Jeff Morriss (Mar 29)
- Re: How to rid of queries swamping logs in non-online Wireshark Miroslav Rovis (Mar 29)
- Re: How to rid of queries swamping logs in non-online Wireshark Miroslav Rovis (Mar 29)
- Re: How to rid of queries swamping logs in non-online Wireshark Jeff Morriss (Mar 21)