Query about monitoring unknown Internet traffic

Petter Adsen petter at synth.no
Mon Oct 19 06:50:45 UTC 2015


On Mon, 19 Oct 2015 12:41:19 +0800
Bret Busby <bret.busby at gmail.com> wrote:

> On 19/10/2015, Karl Auer <kauer at biplane.com.au> wrote:
> > On Mon, 2015-10-19 at 02:26 +0800, Bret Busby wrote:  
> >> I assume that that means shutting down all the applications that are
> >> currently open.  
> >
> > Yes - if you need a new login to your existing X server. I guess you
> > have to decide how likely it is that the traffic requires urgent
> > investigation.
> >
> > However, as previously mentioned, you DO NOT NEED to change groups to
> > use wireshark. Just run wireshark as root from a terminal window:
> >
> >    gksudo wireshark
> >
> > Regards, K.
> >  
> 
> I tried to run gksudo wireshark, but nothing happened, so, after a
> couple of minutes, I did <CTRL><C> .

Strange, it works fine here. It will still pop up the message you get
below, but we'll get to that.

> I am unfamiliar with the gksudo command.

gksudo is a program specifically designed to run graphical programs as
root. It will set up the environment correctly. If you are unfamiliar
with a program, you can take a look at the man page and read the
description there.

> I then tried to run sudo wireshark , and got the following error message.
> 
> "Lua: error during loading:
> [string "/usr/share/wireshark/init.lua"]:46:dofile has been disabled
> due to running Wireshark as superuser.See
> http://wiki.wireshark.org/CaptureSetup/CapturePrivileges for help in
> running Wireshark as an unprivileged user."
>
> So, it appears that wireshark can not be run as a superuser, and it is
> designed to be difficult to be run as an ordinary user.

No, that is just a warning, wireshark will operate correctly - the
message even tells you that only some functionality has been disabled,
and you were also *explicitly told* about this warning message elsewhere
in the thread. Neither is wireshark "designed to be difficult".

You can also run something like 'netstat -tuapn' to see what programs
have open network connections, that should give you an idea about what
is up/downloading. See the 'netstat' man page for details on options
and how to read the output. And you don't need to log out and back in
again in order to do it. If you want to examine something more closely
to see exactly what is being transmitted, you could look at the man
page for 'tcpdump' if you are still unable to get wireshark to work.
All of these things have been suggested a number of times, but you have
never responded to them.

Petter

-- 
"I'm ionized"
"Are you sure?"
"I'm positive."
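As an added illustration of the netstat/tcpdump approach Petter describes (this is not code from the thread, and the netstat output below is constructed, not captured from the poster's machine): the columns that matter in `netstat -tuapn` output are Foreign Address (who the machine is talking to), Recv-Q/Send-Q (bytes currently queued, a rough hint at which connection is actually moving data), and PID/Program name. Note that the PID/Program column is only filled in for sockets owned by processes you can inspect, so run netstat as root (or via sudo) to see other users' processes; the newer `ss -tuapn` prints equivalent columns. UDP rows have no State column, so the fields shift left, and the helpers below deliberately match only TCP rows. `tcpdump_filter` builds the host/port capture filter you would hand to `sudo tcpdump -i any -nn -A 'host ... and port ...'` to look at one conversation; it assumes IPv4 "address:port" strings.

```shell
#!/bin/sh
# Added example: reading `netstat -tuapn` output to find which program owns
# each established connection. SAMPLE_NETSTAT is CONSTRUCTED sample data.

SAMPLE_NETSTAT='Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      812/sshd
tcp        0      0 192.168.1.10:49822      93.184.216.34:443       ESTABLISHED 2314/firefox
tcp        0 131072 192.168.1.10:51004      203.0.113.7:80          ESTABLISHED 3071/apt-get
tcp6       0      0 :::631                  :::*                    LISTEN      644/cupsd
udp        0      0 0.0.0.0:68              0.0.0.0:*                           901/dhclient'

# established_peers: read netstat output on stdin, print
# "proto foreign-address pid/program" for each TCP connection in ESTABLISHED
# state. Listening sockets and UDP rows (no State column) are skipped.
established_peers() {
    awk '$1 ~ /^tcp6?$/ && $6 == "ESTABLISHED" { print $1, $5, $7 }'
}

# busiest_connection: among established TCP connections, print the one with
# the most bytes queued in the kernel (Recv-Q + Send-Q) as
# "bytes foreign-address pid/program". A large Send-Q points at an uploader,
# a large Recv-Q at a downloader that is not draining its socket.
busiest_connection() {
    awk 'BEGIN { max = -1 }
         $1 ~ /^tcp6?$/ && $6 == "ESTABLISHED" {
             q = $2 + $3
             if (q > max) { max = q; line = q " " $5 " " $7 }
         }
         END { if (max >= 0) print line }'
}

# tcpdump_filter: turn an IPv4 "host:port" foreign address into a tcpdump
# capture filter so the follow-up capture only shows that conversation,
# e.g.  sudo tcpdump -i any -nn -A "$(tcpdump_filter 203.0.113.7:80)"
tcpdump_filter() {
    host=${1%:*}
    port=${1##*:}
    printf 'host %s and port %s\n' "$host" "$port"
}

# Stand-alone demo on the constructed sample.
printf '%s\n' "$SAMPLE_NETSTAT" | established_peers
printf '%s\n' "$SAMPLE_NETSTAT" | busiest_connection
tcpdump_filter 203.0.113.7:80
```

To use it on a live system, replace the sample with real output: `sudo netstat -tuapn | established_peers`, then feed the suspicious foreign address to `tcpdump_filter` and run tcpdump with the result. None of this requires logging out or changing group membership.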
