
fsbof's profile - activity

2024-02-15 08:28:30 +0000 received badge Organizer
2024-02-15 08:27:14 +0000 edited question Wireshark and nftables

Wireshark and nftables Hi, I have Wireshark installed on Linux and it works fine. When starting Wireshark, it was star

2024-02-15 08:24:21 +0000 commented answer Wireshark and nftables

@Guy-Harris - Thank you for the explanation. The results to the things @Jaap suggested I look at are above. It doesn't a

2024-02-15 08:21:07 +0000 marked best answer Wireshark and nftables

Hi,

I have Wireshark installed on Linux and it works fine.

When starting Wireshark, it was starting very quickly (less than 2 seconds) until I set up nftables.

It then started to pause on 'Initializing external capture plugins' for about 20-25 seconds.

I have been trying to work out what it was stumbling over and have come up with the following:

  1. With only a very simple input and output chain that have 'accept' as their default states, Wireshark starts quickly.
  2. With either or both being set to 'drop', Wireshark pauses.
  3. With both being set to 'accept' and the loopback, eth, wlan interfaces all being set to 'drop', Wireshark starts quickly.
  4. With either or both being set to 'drop' and all the interfaces shown by Wireshark except for 'bluetooth-monitor' being set to 'accept', Wireshark pauses.
  5. With either or both being set to 'accept' and all the interfaces shown by Wireshark except for 'bluetooth-monitor' being set to 'drop', Wireshark starts quickly.

I am unable to add 'bluetooth-monitor' as an interface to nftables even to test. The error reported by the syntax checker is that the interface name exceeds 16 characters! I also tried adding 'pan1' to nftables, which compiled OK but made no difference. I should note that there is no bluetooth interface on this host.

Has anyone got any suggestions:

A. what may be causing Wireshark to start slower? (Resolved: Loopback interface was blocked - see comment by @johnthacker below - thanks)

B. what troubleshooting steps I could take next? (Resolved : Thanks @Jaap, @Guy-Harris and johnthacker for your suggestions)

C. fingers crossed - what a fix might be? ;-) (Resolved : See above)

Many Thanks

Kernel 6.1.75

Wireshark 4.0.12

2024-02-15 08:21:07 +0000 received badge Scholar
2024-02-15 08:21:04 +0000 commented answer Wireshark and nftables

Hi @johnthacker, thanks for this suggestion - the fix was in here! First I tried moving the androiddump (and all the oth

2024-02-15 07:52:24 +0000 commented answer Wireshark and nftables

@Guy Harris - Thank you for the explanation. The results to the things @Jaap suggested I look at are above. It doesn't a

2024-02-13 23:56:40 +0000 commented question Wireshark and nftables

Hi @Jaap Don't load interfaces at startup - doesn't seem to affect it, it is still slower. Disable external capture in

2024-02-13 06:24:11 +0000 received badge Editor
2024-02-13 06:24:11 +0000 edited question Wireshark and nftables


2024-02-13 05:59:14 +0000 asked a question Wireshark and nftables
