Wireshark-users: Re: [Wireshark-users] How to rid of queries swamping logs in non-online Wireshar

Date Prev · Date Next · Thread Prev · Thread Next
From: Miroslav Rovis <miro.rovis@xxxxxxxxxxxxxxxxx>
Date: Wed, 30 Mar 2016 07:21:26 +0200
On 160329-11:29-0400, Jeff Morriss wrote:
> On Tue, Mar 29, 2016 at 9:12 AM, Miroslav Rovis <
> miro.rovis@xxxxxxxxxxxxxxxxx> wrote:
> 
> > On 160321-10:54-0400, Jeff Morriss wrote:
> > > On Sat, Mar 19, 2016 at 10:53 AM, Miroslav Rovis <
> > > miro.rovis@xxxxxxxxxxxxxxxxx> wrote:
> > >
> > > > Hi!
> > > >
> > Hi!
> > You already helped me with the important link, after which I can't stop
> > decrypting SSL ;-) :
> > The SSL tcp stream decoding in Users' Manual?
> > https://www.wireshark.org/lists/wireshark-users/201509/msg00011.html
> 
> 
> You mean add the SSL decoding stuff to the manual (rather than just in the
> Wiki)?  I'm a bit hesitant to duplicate information--especially given how
> helping others.) > 
Of course not good duplicating. You helped me by giving me that link.
> This, the first thing:
> > > > Here is a recent log:
> > > >
> > > > Mar 19 15:07:01 g5n kernel: [10907.301170] grsec: (miro:U:/) exec of
> > > > /usr/bin/dumpcap (/usr/bin/dumpcap -S -Z none ) by
> > > > /usr/bin/dumpcap[wireshark:11319] uid/euid:1000/1000
> > gid/egid:1000/1000,
> > > > parent /usr/bin/wireshark[wireshark:12197] uid/euid:1000/1000
> > > > gid/egid:1000/1000
> > > >
> > >
> > > [...]
> > >
> > has stopped. So it could be something else the reason, as I run dumpcap
> > from normal user terminal, via sudo.
> >
> > And back at the time of that periodically occuring kind of log swamping
> > by Wireshark, I wasn't even running dumpcap...
> >
> > So it must be something else missing in the picture. The next time it
> > occurs, if it does, I'll be back to tell about it.
> >
> 
> OK, I was thinking that Wireshark (the GUI) was periodically running
> dumpcap.  I know it does at least at startup but I don't know how it gets
> the interface statistics (the sparklines next to the interfaces in the Qt
> UI)--I assumed it was running it periodically.
>
Will be back here if it happens again. Why it happened know even less
than you. Especially since it's not happened since then.
> And the second thing is, I kept looking if there were replies for a day
> > or two, and then I thought I put a stupid question, and that nobody
> > would reply.
> >
> 
> Do you mean that you didn't get a copy of the reply?
Oh I did. I just quit looking after a day or two for the reply. My
fault! I should have.
> Are you subscribed to
> the list?
Of course I am.
> If not it's generally a good idea to tell people to be sure to
> Cc: you on their reply otherwise they will reply just to the list (that's
> the default behavior for the list)--and you'll only see the reply if you go
> searching in the list archives.
> 
> Thanks, Jeff, you're one of my heroes, and Wireshark is great! (If only
> > I had such understanding to be able to contribute... I hope at least
> > when I post about it, I attract a few newbies...)
> >
> 
> No problem. :-)
Thanks again!

-- 
Miroslav Rovis
Zagreb, Croatia
http://www.CroatiaFidelis.hr

Attachment: signature.asc
Description: PGP signature