Ask Your Question

changing link-layer header in the capture interfaces

asked 2018-06-07 09:12:22 +0000

MSK gravatar image


I have newest version 2.6.1 of the wireshark. In the capture interfaces, I was wondering if there is a way to changes for ens33 the link-layer from DLT-1 to ethernet ?

I see on clicking the compile bpfs the output as 'unknown data link type -1'. I think because of this I am unable to capture anything even though all the permissions have given.

Please advice.

Best Regards,

edit retag flag offensive close merge delete

1 Answer

Sort by ยป oldest newest most voted

answered 2018-06-07 10:25:42 +0000

Guy Harris gravatar image

I see on clicking the compile bpfs the output as 'unknown data link type -1'

That's a bug. Please report it on the Wireshark Bugzilla so we can attempt to figure out what's causing it and fix it.

What does tcpdump print when you run sudo tcpdump -i ens33? In particular, what are the first two lines it prints? It should print something such as

tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on ens33, link-type {something}, capture size {something} bytes
edit flag offensive delete link more


Hi Thanks for the reply.

I can confirm that that on doing sudo tcpdump -i ens33 I see the above two lines..with ens33, link-type EN10MB (Ethernet). I have reported a bug with #14847. In the mean time, is there other stable version of the wireshark I could use?

MSK gravatar imageMSK ( 2018-06-08 01:10:10 +0000 )edit

This bug seems to appear only when I am trying to capture on thet st dev version. I tried to install version 2.4.7 but still get the above problem when capturing. I have tried sudo dpkg-reconfigure wireshark-common but issue still persists.

MSK gravatar imageMSK ( 2018-06-08 12:15:51 +0000 )edit

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Question Tools

1 follower


Asked: 2018-06-07 09:12:22 +0000

Seen: 35 times

Last updated: Jun 07