Closed TomyLobo closed 2 years ago
ok, I think I figured it out. This commit from WireShark 3.3.0 adds support for network type 276 (LINKTYPE_LINUX_SLL2): https://github.com/wireshark/wireshark/commit/7e7db3e91ce50f1f3ba35f88aff83c66b5f9bf97 So basically I either need to upgrade WireShark or tell ksniff to write as Linux "cooked" capture encapsulation v1 instead of v2.
ok, I confirmed that updating WireShark to 3.4.8 (using the official PPA) fixes this issue.
But can you still add something to pass extra arguments to tcpdump? That'd probably help someone else who is either unwilling or unable to update their WireShark. It might also help with future issues or special applications.
Also, can you please add a version requirement of 3.3.0 for WireShark in README.md?
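As an added triage helper (not part of ksniff or this thread): it decodes the pcap global header, reports the link type, and checks whether a given Wireshark version can dissect it, using the 3.3.0 threshold for LINKTYPE_LINUX_SLL2 discussed above. The minimum-version table and the sample headers are constructed for this example.

```python
import struct

# Link-layer types from the tcpdump/libpcap LINKTYPE registry.
LINKTYPE_LINUX_SLL = 113    # Linux "cooked" capture v1
LINKTYPE_LINUX_SLL2 = 276   # Linux "cooked" capture v2, dissected by Wireshark >= 3.3.0

# Minimum Wireshark version per link type. Anything not listed is treated as
# dissectable by every version (a simplifying assumption of this example).
MIN_WIRESHARK = {LINKTYPE_LINUX_SLL2: (3, 3, 0)}

PCAP_MAGICS = (0xA1B2C3D4, 0xA1B23C4D)  # microsecond and nanosecond variants


def parse_pcap_header(data: bytes) -> dict:
    """Decode the 24-byte classic pcap global header in either byte order."""
    if len(data) < 24:
        raise ValueError("truncated pcap global header")
    for endian in ("<", ">"):
        if struct.unpack(endian + "I", data[:4])[0] in PCAP_MAGICS:
            break
    else:
        raise ValueError("not a classic pcap file (bad magic)")
    major, minor, _zone, _sigfigs, snaplen, linktype = struct.unpack(
        endian + "HHiIII", data[4:24])
    return {"version": (major, minor), "snaplen": snaplen, "linktype": linktype}


def dissectable_by(data: bytes, wireshark_version: tuple) -> bool:
    """True if the given Wireshark version can dissect this capture's link type."""
    linktype = parse_pcap_header(data)["linktype"]
    return wireshark_version >= MIN_WIRESHARK.get(linktype, (0, 0, 0))


# Constructed samples: little-endian headers as tcpdump writes them, one per
# cooked-capture version, plus a big-endian SLL2 header to exercise byte-order handling.
SAMPLE_SLL2 = b"\xd4\xc3\xb2\xa1" + struct.pack("<HHiIII", 2, 4, 0, 0, 262144, LINKTYPE_LINUX_SLL2)
SAMPLE_SLL1 = b"\xd4\xc3\xb2\xa1" + struct.pack("<HHiIII", 2, 4, 0, 0, 262144, LINKTYPE_LINUX_SLL)
SAMPLE_SLL2_BE = b"\xa1\xb2\xc3\xd4" + struct.pack(">HHiIII", 2, 4, 0, 0, 65535, LINKTYPE_LINUX_SLL2)

if __name__ == "__main__":
    hdr = parse_pcap_header(SAMPLE_SLL2)
    print(f"linktype {hdr['linktype']}: Wireshark 2.6.10 can dissect = "
          f"{dissectable_by(SAMPLE_SLL2, (2, 6, 10))}, 3.4.8 = {dissectable_by(SAMPLE_SLL2, (3, 4, 8))}")
```

Run it against the first 24 bytes of a capture written by ksniff to tell an SLL2 file (needs the Wireshark upgrade) from an SLL v1 file that an older Wireshark reads fine.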
There's a mention of wireshark in the known issues section of readme but I think adding a clearer version requirement is needed. I'll get that in!
Environment
I'm running a 2-node k3s cluster. Both nodes run on k3os. I installed krew and then ksniff, as described here:
Client OS is Kubuntu 18.04. WireShark version is 2.6.10 (Git v2.6.10 packaged as 2.6.10-1~ubuntu18.04.0). kubectl is installed from a snap.
Repro
I ran the following command:
(-p was necessary because the Grafana container isn't privileged, while the --socket was necessary because k3s has its containerd.sock elsewhere)
This command correctly started up Wireshark and the packets are flowing in. However, none of them are being dissected correctly. They show up as "WTAP_ENCAP = 0" in the Info column. If I cause some unencrypted traffic, I can read it in the lower pane.
If I try to save the captured packets to a file, I get the following error:
WireShark doesn't allow me to save as any file type other than "HP-UX nettl trace".
I also tried capturing to a file:
Opening that file in Wireshark yields the following error: