Capture interface startup on Linux Mint
Wish to capture the whole startup conversation as a laptop connects to wifi AP.
Problem is that Wireshark refuses to attach to the down network interface, so I miss the initial exchange.
Is there a way to force Wireshark to monitor a down interface?
Wireshark Version:
3.2.3 (Git v3.2.3 packaged as 3.2.3-1)
Compiled (64-bit) with Qt 5.12.8, with libpcap, with POSIX capabilities (Linux), with libnl 3, with GLib 2.64.2, with zlib 1.2.11, with SMI 0.4.8, with c-ares 1.15.0, with Lua 5.2.4, with GnuTLS 3.6.13 and PKCS #11 support, with Gcrypt 1.8.5, with MIT Kerberos, with MaxMind DB resolver, with nghttp2 1.40.0, with brotli, with LZ4, with Zstandard, with Snappy, with libxml2 2.9.10, with QtMultimedia, without automatic updates, with SpeexDSP (using system library), with SBC, with SpanDSP, without bcg729.
Running on Linux 5.4.0-107-generic, with AMD A8-7410 APU with AMD Radeon R5 Graphics (with SSE4.2), with 6894 MB of physical memory, with locale en_GB.UTF-8, with light display mode, without HiDPI, with libpcap version 1.9.1 (with TPACKET_V3), with GnuTLS 3.6.13, with Gcrypt 1.8.5, with brotli 1.0.7, with zlib 1.2.11, binary plugins supported (18 loaded).
Built using gcc 9.3.0.
Linux Version:
NAME="Linux Mint" VERSION="20.3 (Una)" ID=linuxmint ID_LIKE=ubuntu PRETTY_NAME="Linux Mint 20.3" VERSION_ID="20.3" HOME_URL="https://www.linuxmint.com/" SUPPORT_URL="https://forums.linuxmint..." BUG_REPORT_URL="http://linuxmint-troubleshooting-guide.readthedocs.io/en/latest/" PRIVACY_POLICY_URL="https://www.linux..." VERSION_CODENAME=una UBUNTU_CODENAME=focal
Any information or assistance appreciated.
Harry
Can you use
tcpdump -i Anyinstead and then open the PCAP file later?Not as far as I can see:
shoka@shokalaptop:~$ sudo tcpdump -i wlan0
[sudo] password for shoka:
tcpdump: wlan0: That device is not up
shoka@shokalaptop:~$