On 160321-10:54-0400, Jeff Morriss wrote:
> On Sat, Mar 19, 2016 at 10:53 AM, Miroslav Rovis <
> miro.rovis@xxxxxxxxxxxxxxxxx> wrote:
>
> > Hi!
> >
Hi!
You already helped me with the important link, after which I can't stop
decrypting SSL ;-) :
The SSL tcp stream decoding in Users' Manual?
https://www.wireshark.org/lists/wireshark-users/201509/msg00011.html
And I thanked you here:
(8644 views currently)
SSL Decode & My Hard-Earned Advice for SPDY/HTTP2 in Firefox
https://forums.gentoo.org/viewtopic-t-1029408.html#7819968
(and mentioned you later as well, when I found you among the top
Wireshark developers, but can't find that page on Gentoo Forums quickly)
However, two things.
This, the first thing:
> > Here is a recent log:
> >
> > Mar 19 15:07:01 g5n kernel: [10907.301170] grsec: (miro:U:/) exec of
> > /usr/bin/dumpcap (/usr/bin/dumpcap -S -Z none ) by
> > /usr/bin/dumpcap[wireshark:11319] uid/euid:1000/1000 gid/egid:1000/1000,
> > parent /usr/bin/wireshark[wireshark:12197] uid/euid:1000/1000
> > gid/egid:1000/1000
> >
>
> [...]
>
has stopped. So the reason could be something else, as I run dumpcap
from a normal user terminal, via sudo.
And back at the time of that periodically occurring kind of log swamping
by Wireshark, I wasn't even running dumpcap...
So it must be something else missing in the picture. The next time it
occurs, if it does, I'll be back to tell about it.
>
> Wireshark is starting dumpcap periodically to check the status of the
> interfaces (and also get statistics from them). I think the only way
> you'll be able to disable this (from the Wireshark side) is to make it so
> you don't have permission to start dumpcap (from Wireshark). Obviously
> this conflicts with your use of dumpcap (as the same user) to actually
> capture.
>
> I suppose a simpler method would be to simply rename dumpcap to something
> you'll know but Wireshark won't, e.g., `dumpcap-real`.
And the second thing is, I kept looking if there were replies for a day
or two, and then I thought I put a stupid question, and that nobody
would reply.
Thanks, Jeff, you're one of my heroes, and Wireshark is great! (If only
I had such understanding to be able to contribute... I hope at least
when I post about it, I attract a few newbies...)
Regards!
--
Miroslav Rovis
Zagreb, Croatia
http://www.CroatiaFidelis.hr
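
One way to check from the grsec log which parent keeps spawning dumpcap and whether it does so at a regular interval, as an added example that is not part of the original message. Only the first sample line's timestamp and arguments come from the log quoted above; the other lines, the 10-second spacing, the `-i eth0 -w` capture command and the `JITTER` threshold are constructed assumptions.

```python
import re
from collections import defaultdict

JITTER = 1.0  # assumed tolerance (seconds) for calling the gaps "regular"

# Matches the grsec exec line format quoted in the message above.
EXEC_RE = re.compile(
    r"kernel: \[\s*(?P<uptime>\d+\.\d+)\] grsec: .*?exec of (?P<exe>\S+) "
    r"\((?P<args>.*?)\s*\) by .*?, parent (?P<parent>[^\[\s]+)\["
)

_IDS = "uid/euid:1000/1000 gid/egid:1000/1000"

def _line(clock, uptime, args, parent):
    """Build one constructed log line in the quoted format."""
    return (f"Mar 19 {clock} g5n kernel: [{uptime}] grsec: (miro:U:/) exec of "
            f"/usr/bin/dumpcap ({args} ) by /usr/bin/dumpcap[x:1] {_IDS}, "
            f"parent {parent}[y:2] {_IDS}")

STATS = "/usr/bin/dumpcap -S -Z none"
SAMPLE_LOG = "\n".join([  # constructed sample input
    _line("15:07:01", "10907.301170", STATS, "/usr/bin/wireshark"),
    _line("15:07:11", "10917.300000", STATS, "/usr/bin/wireshark"),
    _line("15:07:15", "10921.500000",
          "/usr/bin/dumpcap -i eth0 -w /tmp/cap.pcapng", "/usr/bin/sudo"),
    _line("15:07:21", "10927.310000", STATS, "/usr/bin/wireshark"),
    _line("15:07:31", "10937.300000", STATS, "/usr/bin/wireshark"),
])

def summarize_execs(log_text):
    """Group exec events by (binary, parent) and test for regular spacing."""
    seen = defaultdict(lambda: {"stamps": [], "args": set()})
    for line in log_text.splitlines():
        m = EXEC_RE.search(line)
        if m:
            entry = seen[(m["exe"], m["parent"])]
            entry["stamps"].append(float(m["uptime"]))
            entry["args"].add(m["args"])
    report = {}
    for key, entry in seen.items():
        stamps = sorted(entry["stamps"])
        gaps = [b - a for a, b in zip(stamps, stamps[1:])]
        report[key] = {
            "count": len(stamps),
            "args": sorted(entry["args"]),
            "mean_gap": sum(gaps) / len(gaps) if gaps else None,
            # periodic: at least three execs with near-constant spacing
            "periodic": len(gaps) >= 2 and max(gaps) - min(gaps) <= JITTER,
        }
    return report
```

A `(binary, parent)` pair reported as periodic with the `-S -Z none` arguments points at the interface polling Jeff describes rather than at a capture started by hand.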