Ask Your Question
0

Wireshark not showing any IP addresses or protocols in captures

asked 2023-11-09 10:26:40 +0000

TTM gravatar image

I am running Wireshark 3.6.2 on Ubuntu 22.04 as root. In the past, I would see the source and destination IP addresses and the protocol. Now, I can see none of these. I saw one article that suggested removing the configuration directory (.config/wireshark/...) which I did after closing Wireshark, but this made no difference. I know I am accessing both local and wan sites when I capture, and from my previous experience, I do not recall seeing any captures without both source and destination ip addresses, and recall ARP messages being common - but there are no protocols shown. When I look at the frames, all the protocol and address information seems to be absent. I have just tried removing wireshark and reinstalling it, but the issues remain constant. Any clues as to what is going on/ how to fix this? Many thanks for any help.

edit retag flag offensive close merge delete

Comments

If you expand Frame in the 3.19. The “Packet Details” Pane, what protocols are listed?

[Protocols in frame: eth:ethertype:data]

(In the example above the IPv4 dissector is disabled)

Chuckc gravatar imageChuckc ( 2023-11-09 14:49:12 +0000 )edit

My apologies, but I was unable to add an image, however, in essence, the part you mentioned looks like [Protocols in frame: ] for every frame!

TTM gravatar imageTTM ( 2023-11-09 14:57:36 +0000 )edit

What is Encapsulation type: Ethernet (1) at the top of the Frame information?

Chuckc gravatar imageChuckc ( 2023-11-09 15:07:14 +0000 )edit

Many thanks :- "Encapsulation type: Linux cooked-mode capture v1 (25)" This was the same for all frames I randomly looked at - but isn't something I have ever tampered with! (Far beyond my knowledge/ understanding! It is how Wireshark has been capturing the data!)

TTM gravatar imageTTM ( 2023-11-09 15:19:13 +0000 )edit

Dear Chuckc, Thank you so very much - you are a genius - it turns out all protocols were disabled, and as soon as I enabled all protocols, all the data began showing. My sincere thanks for all your help. How might I mark your help as the solution? Kind Regards

TTM gravatar imageTTM ( 2023-11-09 16:22:33 +0000 )edit

1 Answer

Sort by » oldest newest most voted
0

answered 2023-11-09 15:49:03 +0000

Chuckc gravatar image

There is a sample capture (sll-vlan-packet.cap:) attached to 5680: SLL encapsuled 802.1Q VLAN is not dissected.

If you open it in Wireshark, what is displayed for Protocols in frame:?

If empty, check Analyze -> Enabled Protocols... - search for sll. Is it enabled (check box checked)?

edit flag offensive delete link more

Comments

Many thanks - for some reason, by default (and I don't recall this any other time I have used Wireshark), all protocols were disabled. Once I enabled all protocols, it all worked perfectly again! Many thanks for your help.

TTM gravatar imageTTM ( 2023-11-19 14:33:15 +0000 )edit

Some of the protocols that are disabled by default can be greedy.
skype is one that comes to mind.
If you see odd protocols in your captures you might have to back off and selectively disable them.

Chuckc gravatar imageChuckc ( 2023-11-20 13:49:48 +0000 )edit

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Question Tools

1 follower

Stats

Asked: 2023-11-09 10:26:40 +0000

Seen: 1,195 times

Last updated: Nov 09 '23