This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Wireshark 1.8.0 with ethernet lan tap

0

I am using Wireshark 1.8.0 on Ubuntu 12.04, and I made my own passive LAN tap from the enigma curry website. I just checked to make sure the connections are good. All of the connections are intact and not loose. In my setup, I use the Ethernet port on my laptop and a USB 2.0 Ethernet adapter. It seems to work on Windows with my LAN tap, but I want to get it working in Ubuntu.

Any help will be appreciated! :)

asked 09 Jul '12, 23:11

keyboardmonkey

edited 10 Jul '12, 04:18

Jaap ♦


One Answer:

0
  1. Who is enigma and why does he/she love curry? Seriously, please post more information about that "passive lan tap" (link), the way you used it with Windows and what you tried to make it work with Ubuntu.

  2. The best way to build your own Linux "lan tap" (without soldering) is to configure a bridge, although that's not a passive "tap"! Check these:

http://www.m0rd0r.eu/?p=395
http://www.linuxfoundation.org/collaborate/workgroups/networking/bridge
http://tcpreplay.synfin.net/wiki/tcpbridge

If I misunderstood your request, please add more details.

Regards
Kurt

answered 10 Jul '12, 02:19

Kurt Knochner ♦

edited 10 Jul '12, 02:33

Sorry, the reason I am using Wireshark 1.8 is that I thought it would eliminate the need to bridge the two interfaces for packet sniffing.

(10 Jul '12, 08:44) keyboardmonkey

O.K. so how did you do it on Windows?

BTW: As you are using a "real" Tap, you can just sniff on both network adapters at once. This is possible with Wireshark >= 1.7. Just select multiple interfaces in the dialog "Capture -> Interfaces".

(10 Jul '12, 08:48) Kurt Knochner ♦

It seemed easier to bridge in Windows than it is to bridge in Ubuntu.

(10 Jul '12, 12:23) keyboardmonkey

I thought you wanted to eliminate the need for a bridge? On Ubuntu, there is no easier way to create a bridge than the ones I posted the links for. Take a look at tcpbridge.

Anyway, with the TAP you built, there is no need to use a bridge. You can just sniff on both of your adapters in parallel to capture traffic in both directions (given that the TAP works). See my BTW in a previous comment.

(10 Jul '12, 23:52) Kurt Knochner ♦

Sorry, that is what I mean. I started to use 1.8 on Ubuntu so I can sniff without bridging. I am able to choose Eth0 and Eth1 in Wireshark, but when I start to capture I get nothing. I checked inside my LAN tap and they all have a good connection. I noticed the MAC address of my Ethernet interfaces won't show up underneath the interface name in Wireshark.

(11 Jul '12, 00:28) keyboardmonkey

> I checked inside my lan tap and they all have good connection.

Did you see traffic with the same setup on Windows (same TAP, same computer, same USB network adapter)?

> I noticed the mac address to my ethernet interfaces won't show up underneath the interface name in wireshark.

Do you see any traffic if you connect your interfaces to a regular switch and start capturing data? If you can't see any traffic even in this scenario, try to generate some traffic on the sniffer box by pinging other systems on the network. Does that work?

(11 Jul '12, 00:36) Kurt Knochner ♦

OK, I just hooked up my laptop straight to my router (eth0 and eth1) and it seems to work. Something in my LAN tap is not working properly, which is what it could be (then again, I was hooked up to a router). I will find a more up-to-date LAN tap.

(11 Jul '12, 19:44) keyboardmonkey

> something in my lan tap is not working properly which is what it could be (then again I was hooked up to a router)

maybe it's better to buy a TAP (or any other vendor) than building one yourself ;-)

BTW: For simple networks, a port mirroring switch is usually sufficient

(12 Jul '12, 00:07) Kurt Knochner ♦