
Wireshark not showing any IP addresses or protocols in captures

I am running Wireshark 3.6.2 on Ubuntu 22.04 as root. In the past, I would see the source and destination IP addresses and the protocol. Now, I can see none of these. I saw one article that suggested removing the configuration directory (.config/wireshark/...), which I did after closing Wireshark, but this made no difference. I know I am accessing both local and WAN sites when I capture, and from my previous experience, I do not recall seeing any captures without both source and destination IP addresses, and recall ARP messages being common - but there are no protocols shown. When I look at the frames, all the protocol and address information seems to be absent. I have just tried removing Wireshark and reinstalling it, but the issues remain constant. Any clues as to what is going on / how to fix this? Many thanks for any help.

TTM asked 2023-11-09 10:26:40 +0000

Comments

If you expand Frame in the 3.19. The “Packet Details” Pane, what protocols are listed?

[Protocols in frame: eth:ethertype:data]

(In the example above the IPv4 dissector is disabled)

Chuckc (2023-11-09 14:49:12 +0000)

My apologies, but I was unable to add an image; however, in essence, the part you mentioned looks like [Protocols in frame: ] for every frame!

TTM (2023-11-09 14:57:36 +0000)

What is Encapsulation type: Ethernet (1) at the top of the Frame information?

Chuckc (2023-11-09 15:07:14 +0000)

Many thanks :- "Encapsulation type: Linux cooked-mode capture v1 (25)" This was the same for all frames I randomly looked at - but isn't something I have ever tampered with! (Far beyond my knowledge/ understanding! It is how Wireshark has been capturing the data!)

TTM (2023-11-09 15:19:13 +0000)

Dear Chuckc, Thank you so very much - you are a genius - it turns out all protocols were disabled, and as soon as I enabled all protocols, all the data began showing. My sincere thanks for all your help. How might I mark your help as the solution? Kind Regards

TTM (2023-11-09 16:22:33 +0000)

1 Answer


There is a sample capture (sll-vlan-packet.cap:) attached to 5680: SLL encapsuled 802.1Q VLAN is not dissected.

If you open it in Wireshark, what is displayed for Protocols in frame:?

If empty, check Analyze -> Enabled Protocols... - search for sll. Is it enabled (check box checked)?

Chuckc answered 2023-11-09 15:49:03 +0000

Comments

Many thanks - for some reason, by default (and I don't recall this any other time I have used Wireshark), all protocols were disabled. Once I enabled all protocols, it all worked perfectly again! Many thanks for your help.

TTM (2023-11-19 14:33:15 +0000)

Some of the protocols that are disabled by default can be greedy.
skype is one that comes to mind.
If you see odd protocols in your captures you might have to back off and selectively disable them.

Chuckc (2023-11-20 13:49:48 +0000)
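
The Enabled Protocols check from the answer above can also be made outside the GUI by reading the profile's disabled_protos file, where Wireshark records the protocols a user has turned off. This is an added example, not code from the thread; the profile location, the CORE list and the sample file contents are assumptions constructed for illustration.

```python
from pathlib import Path

# Assumption: link, network and transport dissectors an ordinary Linux capture
# needs. "sll" is the Linux cooked-mode dissector the answer asks about.
CORE = ("eth", "sll", "ethertype", "arp", "ip", "ipv6", "tcp", "udp")

# Constructed sample of a disabled_protos file: one protocol filter name per line.
SAMPLE = """\
# This file is automatically generated, DO NOT MODIFY.
eth
sll
ip

tcp  # constructed inline comment
"""


def parse_disabled_protos(text):
    """Return the set of protocol names listed in disabled_protos text."""
    names = set()
    for line in text.splitlines():
        # Drop comments and surrounding whitespace; skip empty lines.
        name = line.split("#", 1)[0].strip().lower()
        if name:
            names.add(name)
    return names


def core_disabled(disabled, core=CORE):
    """Core dissectors that appear in the disabled set, in CORE order."""
    return [p for p in core if p in disabled]


def check_profile(profile_dir):
    """Check one profile directory; no file means no user-disabled protocols."""
    path = Path(profile_dir) / "disabled_protos"
    if not path.is_file():
        return []
    return core_disabled(parse_disabled_protos(path.read_text(errors="replace")))


if __name__ == "__main__":
    print("sample:", core_disabled(parse_disabled_protos(SAMPLE)))
    # Assumed default profile location on Linux for the user running Wireshark.
    print("profile:", check_profile(Path.home() / ".config" / "wireshark"))
```

A non-empty result means the listed dissectors are switched off, which matches the empty "Protocols in frame" symptom described in the question.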
