Wireshark and nftables
Hi,
I have Wireshark installed on Linux and it works fine.
When starting Wireshark, it was starting very quickly (less than 2 seconds) until I set up nftables.
It then started to pause on 'Initializing external capture plugins' for about 20-25 seconds.
I have been trying to work out what it was stumbling over and have come up with the following:
- With only a very simple input and output chain that have 'accept' as their default states, Wireshark starts quickly.
- With either or both being set to 'drop', Wireshark pauses.
- With both being set to 'accept' and the loopback, eth, wlan interfaces all being set to 'drop', Wireshark starts quickly.
- With either or both being set to 'drop' and all the interfaces shown by Wireshark except for 'bluetooth-monitor' being set to 'accept', Wireshark pauses.
- With either or both being set to 'accept' and all the interfaces shown by Wireshark except for 'bluetooth-monitor' being set to 'drop', Wireshark starts quickly.
I am unable to add 'bluetooth-monitor' as an interface to nftables even to test. The error reported by the syntax checker is that the interface name exceeds 16 characters! I also tried adding 'pan1' to nftables, which compiled OK but made no difference. I should note that there is no Bluetooth interface on this host.
Has anyone got any suggestions:
A. what may be causing Wireshark to start slower? (Resolved: Loopback interface was blocked - see comment by @johnthacker below - thanks)
B. what troubleshooting steps I could take next? (Resolved : Thanks @Jaap, @Guy-Harris and johnthacker for your suggestions)
C. fingers crossed - what a fix might be? ;-) (Resolved : See above)
Many Thanks
Kernel 6.1.75
Wireshark 4.0.12
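
The resolution noted in the post (loopback blocked while a chain's default is 'drop') can be checked for in a ruleset listing. This is an added example, not part of the original post; the sample ruleset is constructed, and the parser assumes the text layout printed by `nft list ruleset`.

```python
import re

# Constructed sample in the text format printed by `nft list ruleset`.
SAMPLE = """
table inet filter {
    chain input {
        type filter hook input priority filter; policy drop;
        ct state established,related accept
        iifname "eth0" tcp dport { 22, 443 } accept
    }
    chain output {
        type filter hook output priority filter; policy drop;
        oif "lo" accept
        oifname "eth0" accept
    }
}
"""

CHAIN_RE = re.compile(r'chain\s+(\S+)\s*\{$')
HOOK_RE = re.compile(r'hook\s+(\w+)\b.*?policy\s+(\w+)\s*;')
# Per hook, the rule shape that lets loopback traffic through.
LO_RULE = {
    'input': re.compile(r'iif(?:name)?\s+"?lo"?\s+accept\b'),
    'output': re.compile(r'oif(?:name)?\s+"?lo"?\s+accept\b'),
}

def chains_blocking_loopback(ruleset):
    """Input/output base chains with policy drop and no loopback accept rule."""
    findings, name, hook, policy, lo_ok = [], None, None, None, False
    for line in ruleset.splitlines():
        s = line.strip()
        start = CHAIN_RE.match(s)
        if start:                      # entering a chain block
            name, hook, policy, lo_ok = start.group(1), None, None, False
        elif name and s == '}':        # leaving it: evaluate what we saw
            if hook in LO_RULE and policy == 'drop' and not lo_ok:
                findings.append(name)
            name = None
        elif name:
            decl = HOOK_RE.search(s)
            if decl:
                hook, policy = decl.groups()
            elif hook in LO_RULE and LO_RULE[hook].match(s):
                lo_ok = True
    return findings

if __name__ == '__main__':
    for chain in chains_blocking_loopback(SAMPLE):
        print(f'chain {chain}: policy drop, no loopback accept rule')
```

It only recognises a rule that starts with the interface match and accepts directly, and it does not evaluate rule order.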