Sanprof's profile - activity

2023-06-22 20:45:53 +0000 received badge  Notable Question (source)
2023-06-22 20:45:53 +0000 received badge  Popular Question (source)
2023-06-22 20:45:53 +0000 received badge  Famous Question (source)
2021-09-28 19:44:06 +0000 marked best answer wireshark docker container override preferences

I created my own Docker image and preinstalled Wireshark there to use tshark to analyze pcap files in my ASP.NET Core application. Here is part of my Dockerfile:

FROM mcr.microsoft.com/dotnet/aspnet:5.0-focal AS base

# Install build wireshark, need to run as root
RUN echo "**** install packages ****" && \
    apt-get update && \
    apt-get install -yq software-properties-common && \
    apt-get install -y  wireshark && \
    apt-get install -yq tshark && \
    echo "**** permissions ****" && \
    setcap  'CAP_NET_RAW+eip CAP_NET_ADMIN+eip'     /usr/bin/dumpcap && \
    echo "**** cleanup ****" && \
    apt-get clean && \
    rm -rf  /tmp/*  /var/lib/apt/lists/*    /var/tmp/*

WORKDIR /app

#next part of Dockerfile is related to asp.net stuff

Everything is working well: I can get the required info from pcap files using tshark commands inside the Docker container. I've faced the following issue: I can't modify the preferences of the default profile; at least, I can't even find where I can change them. There is no GUI, and I can use only the terminal. E.g. I need to enable the transum protocol and add additional TCP ports to it:

# Add and remove ports numbers separated by commas
# Ranges are supported e.g. 25,80,2000-3000,5432
# A string denoting an positive integer range (e.g., "1-20,30-40")
transum.tcp_port_ranges: 25,80,443,1433,3389,102

# Add and remove ports numbers separated by commas
# Ranges are supported e.g. 123,137-139,520-521,2049
# A string denoting an positive integer range (e.g., "1-20,30-40")
#transum.udp_port_ranges: 137-139

# Set this to discard any packet in the direction client to service,
# with a 1-byte payload of 0x00 and the ACK flag set
# TRUE or FALSE (case-insensitive)
#transum.orphan_ka_discard: FALSE

# RTE data will be added to the first request packet
# TRUE or FALSE (case-insensitive)
transum.rte_on_first_req: TRUE

# RTE data will be added to the last request packet
# TRUE or FALSE (case-insensitive)
#transum.rte_on_last_req: TRUE

# RTE data will be added to the first response packet
# TRUE or FALSE (case-insensitive)
transum.rte_on_first_rsp: TRUE

# RTE data will be added to the last response packet
# TRUE or FALSE (case-insensitive)
transum.rte_on_last_rsp: TRUE

How can I do it? I have tried to execute tshark -G currentprefs inside the container, and everything is commented out except a couple of parameters; I don't know where this info comes from.

I have also tried the CLI command tshark -o transum.tcp_port_ranges: 25,80,443,1433,3389,102, which did not work, and I got an error:

tshark: Invalid -o flag "transum.tcp_port_ranges:"
2021-09-28 19:44:06 +0000 received badge  Scholar (source)
2021-09-28 19:02:40 +0000 commented answer wireshark docker container override preferences

Yes, that is what I need. I created an enabled_protos file beside the preferences file and everything is OK now. Thank you.

2021-09-28 12:30:36 +0000 commented answer wireshark docker container override preferences

And about the versions, for the container this command apt-get install -yq tshark can install only TShark (Wireshark) 3.

2021-09-28 12:27:29 +0000 commented answer wireshark docker container override preferences

And about the versions for the container, this command apt-get install -yq tshark can install only TShark (Wireshark) 3.

2021-09-28 12:25:11 +0000 commented answer wireshark docker container override preferences

Can you redirect the output of tshark -G currentprefs to file on both and do a 'diff' to see if there are more differenc

2021-09-28 10:55:15 +0000 commented answer wireshark docker container override preferences

I even copied currentprefs from the container and put them to the Wireshark prefs on my Windows machine and the result i

2021-09-28 10:50:04 +0000 commented answer wireshark docker container override preferences

Thank you for your answer, I created preferences file inside /usr/share/wireshark - this is a Global configuration folde

2021-09-28 10:03:21 +0000 commented question wireshark docker container override preferences

Yes, on my Windows machine this command also works, but inside the Linux container it doesn't.

2021-09-28 09:29:49 +0000 commented question wireshark docker container override preferences

it seems transum plugin has been installed, here is a result of tshark -G plugins ethercat.so 0.1.0 disse

2021-09-28 08:54:49 +0000 commented question wireshark docker container override preferences

tshark -v returns the next: TShark (Wireshark) 3.2.3 (Git v3.2.3 packaged as 3.2.3-1) Copyright 1998-2020 Gerald Combs

2021-09-27 22:31:32 +0000 commented question wireshark docker container override preferences

Chuckc, I have tried both ways, with a space and w/o, and in both cases that was not working. Here is result of tshark -G f

2021-09-27 20:35:17 +0000 asked a question wireshark docker container override preferences

wireshark docker container override preferences I created my own docker image and preinstall there Wireshark to use tsha