TShark Config profile - Configuration Profile "x" does not exist

asked 2019-10-27 13:42:59 +0000

dave47 gravatar image

Hi, I've been tryin to work out the TShark profile filter option workout any luck. Appreciate any ideas/guidance please.

I have the Profile Folder Created in the .config/wireshark/profiles/ - called 'sim' inside sim folder is the cfilters file. Within cfilters i have the name of a filter followed by the filter syntax IE 123 multicast and not ssh port 22

tshark -C sim -f "predef:123"

error: Configuration Profile sim does not exist

edit retag flag offensive close merge delete

Comments

what is output of "tshark -G folders" ?

Chuckc gravatar imageChuckc ( 2019-10-27 15:10:57 +0000 )edit

report

temp:           /tmp
Personal configuration: /home/user/.config/wireshark
Global configuration:   /usr/shar/wireshark
System:         /etc
Program:        /usr/bin
Personal Plugins:   /home/user/.local/lib/wireshark/plugins/2.6
Global Plugins:     /usr/lib/x86_64-linux-gnu/wireshark/plugins/2.6
Personal Lua Plugins:   /home/user/.local/lib/wireshark/plugins/
Global Lua Plugin:  /usr/lib/x86_64-linux-gnu/wireshark/plugins
Extcap path:        /usr/lib/x86_64-linux-gnu/wireshark/extcap
MaxMind database path:  /usr/share/GeoIP
MaxMind database path:  /var/lib/GeoIP
MaxMind database path:  /usr/share/GeoIP

I suspect the issue is that there is no Profiles path listed? Should there be an path for the Profiles folder and then one for the specific created profile? I can see the created profile under the WireShark GUI - along side the default profiles.

dave47 gravatar imagedave47 ( 2019-10-28 01:29:37 +0000 )edit
  1. Is the Global configuration: /usr/shar/wireshark a typo?

  2. tshark knows to append a "profiles" directory to the path when looking for a profile.

    [email protected]:~/.config/wireshark/profiles/sim$ pwd
    /home/xxxx/.config/wireshark/profiles/sim

    [email protected]:~/.config/wireshark/profiles/sim$ tshark -G folders
    Temp:                   /tmp
    Personal configuration: /home/xxxx/.config/wireshark
    Global configuration:   /usr/share/wireshark
  1. Does the user that is running tshark have permission to read "sim" directory and the path leading to it?
Chuckc gravatar imageChuckc ( 2019-10-28 03:38:41 +0000 )edit

yes that is a typo.

The script I have before trying to do the Config Profile, as access to the VMs to run Tshark. The User is same name and pass on all OS's.

[email protected]:~/.config/wireshark/profiles/sim$ pwd
/home/xxxx/.config/wireshark/profiles/sim

These/above and other combinations I try all return the same thing: No such file or directory.

[email protected]:~/.config/wireshark/profiles/sim$ tshark -G folders

This/above also returns: No such file or directory.

Temp:                   /tmp
Personal configuration: /home/xxxx/.config/wireshark
Global configuration:   /usr/share/wireshark

The above is the same output I get, if run local or via SSH, ie: local: tshark -G folders SSH: ssh -tt -q 10.x.x.x 'tshark -G folders'

dave47 gravatar imagedave47 ( 2019-10-28 05:38:26 +0000 )edit

its sorted. I was too concerned about the folder report and not seeing the 'profiles' folder listed.

After the original post I had created the profiles folder on all VMs I was calling. Once I created the fold copy script to update all the profile named folders with the cfilter file. Then ran the Tshark locally calling the profile and filter name, it worked. Then back to the original script calling the Tshark via SSH with the profile and predef filter.... it worked.

Happy days,

thanks for the help.

dave47 gravatar imagedave47 ( 2019-10-29 04:43:08 +0000 )edit