Wireshark-users: [Wireshark-users] Mechanism used by Wireshark to list Interfaces for Monitoring
I am trying to understand the process as to how Wireshark version 1.10.8, running on Fedora 10 64-bit, determines which interfaces it can use to monitor traffic. I have a Riverbed TurboCAP board installed, along with its drivers and using a terminal level command I can verify the eight TurboCAP Ethernet interfaces are active. Nevertheless, Wireshark does not show the eight TurboCAP interfaces. Initially, Wireshark did not show the onboard eth0 interface either, but after performing an “ifup eth0” command, Wireshark was able to list it as an interface it could use.
I did read a FAQ on the Wireshark website which implied I may have to create a Wireshark group, change its permissions and ensure that only the root or a user in the Wireshark group could start Wireshark. I also read that I may have to check the kernel has this configuration statement, “packet socket= enabled”. I will look into this but I’m not sure this will resolve this issue. Prior to installing Wireshark ver 1.10.8, I did have an earlier version of Wireshark working and it was able to list all of the eight TurboCAP interfaces and eth0, but I had to install a later version of Wireshark in order to support LUA and when I removed the earlier version of Wireshark, that’s when various issues arose. Using the yum command I removed the previous version of Wireshark but due to subsequent dependency issues I had to spend a significant amount of time identifying what packages were needed to install the source package for Wireshark ver. 1.10.8. After all was said and done, I basically ended up installing the Qt package to get past an error “configure: error: Qt is not available” and I finally was able to install the source package for Wireshark 1.10.8, but without access to the TurboCAP interfaces.
The TurboCAP board comes with these software components:
- 1. Kernel-2.6.27.12-170.2.5.preemptive.kernel.kt.fc10.x86_64.rpm
- 2. Kernel-devel-2.6.27.12.-170.2.5.preemptive.kernel.kt.fc10.x86_64.rpm
- 3. Kernel-frimware-2.6.27.12.-170.2.5.preemptive.kernel.kt.fc10.x86_64.rpm
- 4. Kernel-headers-2.6.27.12.-170.2.5.preemptive.kernel.kt.fc10.x86_64.rpm
- 5. Libpcap-1.0.0-tc_17.fc10.x86_64.rpm
- 6. Libpcap-devel-1.0.0-tc_17.fc10.x86_64.rpm
- 7. Turbocap-1.6.2117-1.fc10.x86_64.rpm
- 8. Turbocap-module-2.6.27.12-170.2.5.preemptive.kernel.kt.fc10-1.6.2117-1.fc10.x86_64.rpm
Only item #1, #3, #7, and #8 are needed to support the overall functionality of the TurboCAP board. I later installed item #2 and #4, prior to installing the driver for the onboard NIC, eth0. I believe those software components were needed because prior to that when I installed the onboard NIC driver, it would break something and I could no longer pull up the TurboCAP interfaces via the special command, “tcscandev –v”. I am past that point and know how to get the onboard Ethernet NIC driver to work along with the driver for the TurboCAP board interfaces, but this latest issue now is blocking everything I had working.
I am a Linux novice but know enough to be dangerous, which can be good or bad. I realize this is a complicated issue and there’s more to this whole process but all I’m looking for is any guide or advice, on where to go to find out how Wireshark determines which interfaces it will list as available interfaces for it to capture and monitor traffic. Thanks in advance for any help.
-= Jesse