How to install Wireshark on Linux and capture USB traffic? - linux

I have encountered numerous problems in the installation of Wireshark, and the capture of USB traffic, especially due to user permissions.
How to install Wireshark on Linux and capture USB traffic?

Tested on Ubuntu 14.04, but probably works on other distributions since none of the steps are specific to Ubuntu.
The first time you follow the tutorial, do all the steps 1 -> 7.
When you restart your computer, you have to repeat steps 6 and 7 to see the USB interfaces in Wireshark.

1. Install Wireshark and libpcap:
   `sudo apt-get install wireshark libpcap0.8`
2. For Debian, Ubuntu and other Debian derivatives, continue to step 3. For other Linux based systems or other installation methods, see the Wireshark Wiki, then go to step 6.
3. Reconfigure wireshark to allow non-superusers to track packets:
   `sudo dpkg-reconfigure wireshark-common`
   Select <Yes> in the prompt.
4. Add your username to the "wireshark" usergroup:
   `sudo usermod -a -G wireshark <your_username>`
   You can verify if it's done correctly by displaying the groups your username is part of:
   `groups <your_username>`
   If not, you can add the group "wireshark" manually:
   `sudo groupadd wireshark`
   and then add your username to the group (see above).
5. Important: log out of your session, then log back in.
6. This step depends on the kernel version that is installed on your machine. To know the version of your kernel, type:
   `uname -r`
   For versions of the kernel prior to 2.6.21, if debugfs is not already mounted on /sys/kernel/debug, ensure that it is mounted there by issuing the following command:
   `sudo mount -t debugfs / /sys/kernel/debug`
   For kernel version 2.6.21 and later, load the loadable module usbmon in the kernel:
   `sudo modprobe usbmon`
   See the [Wireshark Wiki](https://wiki.wireshark.org/CaptureSetup/USB#Linux) for more information about this differentiation.
7. If the usbmon interfaces don't appear in Wireshark, look for interfaces using dumpcap (the command-line tool of Wireshark):
   `sudo dumpcap -D`
   You should see the usbmon* interfaces. Now display the permissions of the usbmon interfaces:
   `ls -l /dev/usbmon*`
   If the usbmon* files have 'crw-------', then it's normal that Wireshark cannot read them because it's not run as root. Do not execute wireshark in root mode, it may damage files. Instead, you can give it regular-user privileges:
   `sudo setfacl -m u:$USER:r /dev/usbmon*`
   Now the usbmon interfaces should appear in Wireshark.

Sources:
https://wiki.wireshark.org/CaptureSetup/USB#Linux
https://wiki.wireshark.org/CaptureSetup/CapturePrivileges#Most_UNIXes
https://unix.stackexchange.com/questions/55722/wireshark-couldnt-run-usr-sbin-dumpcap-in-child-process
http://anonscm.debian.org/viewvc/collab-maint/ext-maint/wireshark/trunk/debian/README.Debian?view=markup
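The steps above mix one-time setup (group membership) with settings that are lost on every reboot (the usbmon module, the ACL on /dev/usbmon*). The script below is an added example, not part of the answer or of Wireshark itself: it checks each prerequisite and prints the command from the steps above that fixes it, so the capture can stay non-root instead of falling back to running Wireshark as root. It assumes Linux with the usbmon driver, the "wireshark" group created by dpkg-reconfigure, and GNU coreutils for the `ls -l` mode strings.

```shell
#!/bin/sh
# usb-capture-preflight.sh: added example, not part of the answer above.
# Reports which prerequisites for non-root USB capture are still missing and
# prints the command from the steps above that fixes each one.

# Kernels 2.6.21 and later expose the usbmon binary interface as /dev/usbmon*.
# $1 is a `uname -r` string such as "5.15.0-91-generic"; missing fields count as 0.
kernel_has_usbmon_dev() {
    echo "$1" | awk -F'[.-]' '{ exit !(($1 * 1000000) + ($2 * 1000) + ($3 + 0) >= 2006021) }'
}

# $1: output of `groups [user]`, $2: group name. Succeeds if $2 is listed.
in_group() {
    for g in $1; do
        [ "$g" = "$2" ] && return 0
    done
    return 1
}

# $1: ls -l mode string such as "crw-------". Succeeds when neither the group
# nor "other" may read the node, i.e. only root can open it and a non-root
# Wireshark needs an ACL entry (setfacl) instead of being run as root.
mode_needs_acl() {
    case "$1" in
        ????r*|???????r*) return 1 ;;   # group-readable or world-readable already
        *) return 0 ;;
    esac
}

preflight() {
    me=${USER:-$(id -un)}
    k=$(uname -r)
    if kernel_has_usbmon_dev "$k"; then
        echo "kernel $k: expect the binary interface at /dev/usbmon*"
    else
        echo "kernel $k: pre-2.6.21, use the debugfs interface (step 6)"
    fi
    if lsmod 2>/dev/null | grep -q '^usbmon'; then
        echo "ok: usbmon module loaded"
    else
        echo "missing: sudo modprobe usbmon   (step 6, repeat after each reboot)"
    fi
    if in_group "$(groups 2>/dev/null)" wireshark; then
        echo "ok: $me is in group wireshark"
    else
        echo "missing: sudo usermod -a -G wireshark $me, then log out and back in (steps 4-5)"
    fi
    for dev in /dev/usbmon*; do
        [ -e "$dev" ] || { echo "missing: no /dev/usbmon* nodes (is usbmon loaded?)"; break; }
        mode=$(ls -l "$dev" | cut -c1-10)
        if [ -r "$dev" ]; then
            echo "ok: $dev readable (mode $mode)"
        elif mode_needs_acl "$mode"; then
            echo "missing: sudo setfacl -m u:$me:r $dev   (step 7, mode $mode, repeat after each reboot)"
        else
            echo "warn: $dev is $mode but still not readable by $me"
        fi
    done
}

# Run the live report with: sh usb-capture-preflight.sh check
if [ "${1:-}" = "check" ]; then preflight; fi
```

The "repeat after each reboot" hints are the point: a capture that worked yesterday and shows no usbmon interfaces today is almost always a missing `modprobe usbmon` or a lost ACL, not a Wireshark problem.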

Related

socketcan alternative / add can0 to /dev/

I am currently working with CAN-BUS Systems.
I make the CAN Interface available using
sudo modprobe can
sudo modprobe can-raw
sudo modprobe mttcan
sudo ip link set can0 type can bitrate 250000
sudo ip link set up can0
It now shows up in ifconfig and works fine in my python code.
Since I am working with aws greengrass I need the device to show up in /dev/ in order to access it. Is there any way to use something different than socketcan? If so, how do I use it?
I have no idea how linux handles can interfaces.

PWM using bcm2835 library as non-root in Raspberry Pi

I need to control some DC motors using PWM. I have been trying to use the bcm2835 library, but I need root access to run my program. I need to avoid this, as this program is part of a ROS package, which gives problems if run as root. I have tried to follow the instructions that appear in the section "Running as root", but I haven't been successful. I have done the following.
First, I have installed libcap2 and libcap-dev and added my user to the kmem group.
sudo apt-get install libcap2 libcap-dev
sudo adduser ubuntu kmem
Then, I have installed the latest version of the bcm2835 library.
wget http://www.airspayce.com/mikem/bcm2835/bcm2835-1.67.tar.gz
tar zxvf bcm2835-1.67.tar.gz
cd bcm2835-1.67
./configure
make
sudo make check
sudo make install
After that, I uncommented the #define BCM2835_HAVE_LIBCAP line in bcm2835.h, which I found in /usr/local/include/.
I allowed write access to /dev/mem by members of kmem group.
echo 'SUBSYSTEM=="mem", KERNEL=="mem", GROUP="kmem", MODE="0660"' | sudo tee /etc/udev/rules.d/98-mem.rules
sudo reboot
And finally, I compiled my program (called l298n) and ran the following command.
sudo setcap cap_sys_rawio+ep l298n
After doing all this, my program is still not able to provide PWM control unless I run it as root.
Have I done anything wrong? Is there any other way around this? As far as I know, other libraries would run into the same problem, as it depends on the access level of /dev/mem.
I am running Ubuntu 20.04 LTS in a Raspberry Pi 3B+.
What you did wrong:
You edited the wrong bcm2835.h, you need to edit bcm2835.h wherever you unpacked bcm2835-1.67.tar.gz, not /usr/local/include.
You didn't recompile the library to actually have the added feature in it.
Also, if you're just accessing the GPIO pins and don't need non-root access to /dev/mem then there's no need to do anything more than adding access rights to /dev/gpiomem to your non-root user.
Have you tried version 68 already?
There were some changes made concerning 'BCM2835_HAVE_LIBCAP'.
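The first answer names three separate failure points: the define edited in the wrong copy of the header, the library not rebuilt after the edit, and the capability on the binary. The script below is an added example (not from the question, the answers or the bcm2835 project) that checks each of them before the program is run as non-root. It assumes the tarball layout `bcm2835-1.67/src/bcm2835.h`, the installed library at `/usr/local/lib/libbcm2835.a`, the binary `./l298n`, and GNU `stat` and `getcap`. Note that `cap_sys_rawio` plus `/dev/mem` access is effectively full hardware access, which is why the `/dev/gpiomem` route the answer mentions is preferable whenever only GPIO is needed.

```shell
#!/bin/sh
# bcm2835-privcheck.sh: added example, not from the original question or answers.
# Verifies the three things the answer above points at before running the
# program as non-root, and reports whether /dev/gpiomem would do instead.
# Assumed paths: source tree in $SRC (default ./bcm2835-1.67), binary in $BIN.

# $1: contents of bcm2835.h. Succeeds only if the define line is active
# (a leading // leaves it disabled, which is the original shipped state).
libcap_define_enabled() {
    printf '%s\n' "$1" | grep -q '^[[:space:]]*#define[[:space:]]*BCM2835_HAVE_LIBCAP'
}

# $1: one line of `getcap` output. Accepts both the libcap >= 2.41 form
# ("l298n cap_sys_rawio=ep") and the older form ("l298n = cap_sys_rawio+ep").
has_rawio_cap() {
    case "$1" in
        *cap_sys_rawio=ep*|*cap_sys_rawio+ep*) return 0 ;;
        *) return 1 ;;
    esac
}

# $1: header mtime (epoch seconds), $2: installed library mtime. `make install`
# copies the archive, so a library older than the header was never rebuilt.
library_rebuilt_after_edit() {
    [ "$2" -gt "$1" ]
}

report() {
    src=${SRC:-./bcm2835-1.67}
    hdr="$src/src/bcm2835.h"
    lib=/usr/local/lib/libbcm2835.a
    if [ -f "$hdr" ]; then
        if libcap_define_enabled "$(cat "$hdr")"; then
            echo "ok: BCM2835_HAVE_LIBCAP enabled in $hdr"
        else
            echo "fix: uncomment #define BCM2835_HAVE_LIBCAP in $hdr (not /usr/local/include), then make && sudo make install"
        fi
        if [ -f "$lib" ] && ! library_rebuilt_after_edit "$(stat -c %Y "$hdr")" "$(stat -c %Y "$lib")"; then
            echo "fix: $lib is older than $hdr, so the library was not rebuilt after the edit"
        fi
    else
        echo "note: $hdr not found; set SRC to the unpacked bcm2835 source tree"
    fi
    bin=${BIN:-./l298n}
    if [ -x "$bin" ]; then
        if has_rawio_cap "$(getcap "$bin" 2>/dev/null)"; then
            echo "ok: $bin carries cap_sys_rawio"
        else
            echo "fix: sudo setcap cap_sys_rawio+ep $bin   (must be redone after every recompile)"
        fi
    fi
    if [ -w /dev/gpiomem ]; then
        echo "ok: /dev/gpiomem is writable; for plain GPIO that is enough, no /dev/mem or capability needed"
    fi
}

# Run the live report with: sh bcm2835-privcheck.sh check
if [ "${1:-}" = "check" ]; then report; fi
```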

Programmatically connecting to a wifi network in Linux

There are multiple questions regarding this functionality for Android or iOS, but I am attempting to do this on Linux (OpenWrt 15.05 to be specific). I want to scan for wireless networks, present the list to the user, have them select one and send the username/password to the network.
I wrote a quick C program using iw_scan from the wireless_tools package so I can see the wireless networks, but I am having issues trying to determine how to connect to a wireless network. iwconfig from the same package just appears to modify an already existing connection.
I have spent a few hours surfing the web thinking there has got to be a package that already does this since it is such a common use case. Anyone know of one?
Thanks.
wpa_supplicant
Take a look at wpa_supplicant package. It includes wpa_supplicant daemon that can be controlled via wpa_cli and wpa_gui utilities or D-Bus API.
Programs like wicd and Network Manager use wpa_supplicant internally.
NetworkManager
You can also use D-Bus API or command line interface (nmcli) for NetworkManager. It provides a higher level abstraction than wpa_supplicant does.
I've tried a number of solutions to this, from wicd, to network manager's cli interface nmcli, to wifi in python. I didn't want a UI, I didn't want network manager, and the python wifi project was too complicated and I faced some problems with it. So I wrote a short, simple bash script for connecting to wpa and open networks (WEP not supported), a wrapper on wpa_passphrase and wpa_supplicant:
sudo apt-get install -y wireless-tools wpasupplicant expect macchanger
sudo wget -O /usr/local/bin/wifi-connect https://raw.githubusercontent.com/erjoalgo/erjoalgo-gnu-scripts/master/wifi-connect
sudo chmod +x /usr/local/bin/wifi-connect
wifi-connect -e Internet -p my-password
wifi-connect -h
The wpa-passphrase files (including plaintext passphrases) are persisted in $HOME/.config/wifi-connect, and if no ESSID is provided, it will automatically connect to any known available network. It supports changing the iface mac address via macchanger.
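The answer points out that the generated configuration persists the passphrase in plaintext. The script below is an added example, not the wifi-connect script linked above: it shows the same approach (a generated network block handed to wpa_supplicant) with the credential file created under `umask 077` so that only the owner can read it, and it rejects passphrases outside the 8 to 63 characters WPA allows. It assumes Debian-style tools (`wpa_supplicant`, `dhclient`), a default interface name of `wlan0`, and a config directory `$HOME/.config/wifi-min` (a name chosen for this example).

```shell
#!/bin/sh
# wifi-min.sh: added example, not the wifi-connect script from the answer.
# Builds a wpa_supplicant config for one network, stores it owner-readable
# only, and brings the interface up with it.

# Print a wpa_supplicant network block. With a passphrase we write psk="..."
# and let wpa_supplicant derive the key (wpa_passphrase would precompute the
# hash but also keeps the plaintext as a #psk comment); without one, the
# network is treated as open.
wpa_network_block() {
    ssid=$1; pass=${2:-}
    if [ -z "$pass" ]; then
        printf 'network={\n\tssid="%s"\n\tkey_mgmt=NONE\n}\n' "$ssid"
    elif [ "${#pass}" -ge 8 ] && [ "${#pass}" -le 63 ]; then
        printf 'network={\n\tssid="%s"\n\tpsk="%s"\n}\n' "$ssid" "$pass"
    else
        echo "passphrase must be 8-63 characters" >&2
        return 1
    fi
}

# Write the config to $1 (ssid $2, passphrase $3) with mode 0600 and print the
# resulting ls -l mode string. The file is recreated so an old, more permissive
# copy never keeps its mode.
write_wpa_conf() {
    file=$1; ssid=$2; pass=${3:-}
    ( umask 077
      mkdir -p "$(dirname "$file")" && rm -f "$file" &&
      { printf 'ctrl_interface=/run/wpa_supplicant\n'
        wpa_network_block "$ssid" "$pass"; } > "$file" ) || { rm -f "$file"; return 1; }
    ls -ld "$file" | cut -c1-10
}

# Connect: generate the config, start wpa_supplicant in the background, get a lease.
connect_wifi() {
    iface=${IFACE:-wlan0}
    conf="$HOME/.config/wifi-min/$1.conf"
    write_wpa_conf "$conf" "$1" "${2:-}" >/dev/null || return 1
    sudo wpa_supplicant -B -i "$iface" -c "$conf" && sudo dhclient "$iface"
}

# Usage: sh wifi-min.sh connect <essid> [passphrase]
if [ "${1:-}" = "connect" ]; then connect_wifi "$2" "${3:-}"; fi
```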

Monitor/audit file delete on Linux

One of the .beam files of one of my application deps is being deleted and I am not sure by what/how.
Is there a way to monitor or audit a file to see what happens when it is deleted?
I'm using RedHat distro.
Yes, you can use the audit daemon. You didn't say which Linux distro. Red Hat based systems contain auditd, and you can use auditctl to add rules.
To watch a directory recursively for changes:
auditctl -w /usr/local/someapp/ -p wa
To watch system calls made by a program with pid of 2021:
auditctl -a exit,always -S all -F pid=2021
Check the man page for auditctl.
Results will be logged to /var/log/audit/audit.log
To ensure it's running:
/etc/init.d/auditd status
For a more thorough approach, you could use tripwire or OSSEC, but they're geared more toward intrusion detection.
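The watch rule above produces the records; the part the answer leaves out is reading them. For an unlink the process is in the SYSCALL record and the file name is in a PATH record with `nametype=DELETE`, joined by the event serial in `msg=audit(ts:serial)`. The script below is an added example, not part of the answer: it installs the same watch with a `-k` key so the records are searchable, and joins the two record types to print which process deleted which file. The sample audit.log lines are constructed for this example; the syscall numbers 87 (unlink) and 263 (unlinkat) are the x86_64 values, and `ausearch --raw` is used so the live records have the same layout as the log file.

```shell
#!/bin/sh
# who-deleted.sh: added example, not part of the answer above. Tags the
# directory watch with a key and reports the deleting process per file.

# Constructed sample records (not from a real host): event 456 is rm deleting
# a .beam file, event 457 is an openat that must not be reported.
SAMPLE_LOG=$(cat <<'EOF'
type=SYSCALL msg=audit(1700000000.123:456): arch=c000003e syscall=263 success=yes exit=0 a0=ffffff9c a1=55d0c0a2b2a0 a2=0 a3=0 items=2 ppid=1 pid=2021 auid=1000 uid=1000 gid=1000 euid=1000 suid=1000 fsuid=1000 egid=1000 sgid=1000 fsgid=1000 tty=pts0 ses=3 comm="rm" exe="/usr/bin/rm" key="beam-delete"
type=CWD msg=audit(1700000000.123:456): cwd="/usr/local/someapp"
type=PATH msg=audit(1700000000.123:456): item=0 name="/usr/local/someapp/deps/" inode=1234 dev=08:01 mode=040755 ouid=0 ogid=0 rdev=00:00 nametype=PARENT
type=PATH msg=audit(1700000000.123:456): item=1 name="/usr/local/someapp/deps/foo.beam" inode=1235 dev=08:01 mode=0100644 ouid=0 ogid=0 rdev=00:00 nametype=DELETE
type=SYSCALL msg=audit(1700000000.200:457): arch=c000003e syscall=257 success=yes exit=3 a0=ffffff9c a1=55d0c0a2b300 a2=241 a3=1b6 items=1 ppid=1 pid=2030 auid=1000 uid=1000 gid=1000 euid=1000 suid=1000 fsuid=1000 egid=1000 sgid=1000 fsgid=1000 tty=pts0 ses=3 comm="cp" exe="/usr/bin/cp" key="beam-delete"
type=PATH msg=audit(1700000000.200:457): item=0 name="/usr/local/someapp/deps/bar.beam" inode=1236 dev=08:01 mode=0100644 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL
EOF
)

# Same watch as the answer, plus a key so the records can be searched.
install_watch() {
    sudo auditctl -w "$1" -p wa -k "$2"
}

# stdin: raw audit records; $1: the key. Prints "<file> deleted by pid=... ..."
# for every successful unlink/unlinkat tagged with that key.
deletes_from_audit() {
    awk -v key="$1" '
        function val(k,   i, p, v) {       # value of k=... on this line, quotes stripped
            for (i = 1; i <= NF; i++) {
                p = index($i, "=")
                if (p && substr($i, 1, p - 1) == k) {
                    v = substr($i, p + 1); gsub(/"/, "", v); return v
                }
            }
            return ""
        }
        function serial(   s) {            # event id from msg=audit(ts:serial):
            s = val("msg"); sub(/^audit\([^:]*:/, "", s); sub(/\).*/, "", s); return s
        }
        $1 == "type=SYSCALL" && val("key") == key && val("success") == "yes" {
            sc = val("syscall")
            if (sc == "87" || sc == "263" || sc == "unlink" || sc == "unlinkat")
                proc[serial()] = "pid=" val("pid") " uid=" val("uid") " comm=" val("comm") " exe=" val("exe")
        }
        $1 == "type=PATH" && val("nametype") == "DELETE" {
            file[serial()] = val("name")
        }
        END { for (s in proc) if (s in file) print file[s] " deleted by " proc[s] }
    ' | sort
}

# Live query over the real audit log, by key.
who_deleted() {
    sudo ausearch -k "$1" --raw 2>/dev/null | deletes_from_audit "$1"
}

# sh who-deleted.sh watch /usr/local/someapp beam-delete   install the watch
# sh who-deleted.sh query beam-delete                      report deletions
# sh who-deleted.sh demo                                   run on the sample
case "${1:-}" in
    watch) install_watch "$2" "$3" ;;
    query) who_deleted "$2" ;;
    demo)  printf '%s\n' "$SAMPLE_LOG" | deletes_from_audit beam-delete ;;
esac
```

Renames also remove the old name; if the file turns out to be moved rather than deleted, extend the syscall list with rename (82) and renameat (264) and the same join still applies.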
You can monitor your Linux file system using AIDE. AIDE means Intrusion Detection Software to Monitor Changes.
Steps:
1. Install AIDE: `yum install aide -y`
2. Configure AIDE, e.g. `PERMS=p+i+u+g+acl+selinux`
3. Initialize the AIDE database: `aide --init`
4. Check the file system for changes: `aide --check`
To get more details you can visit the link below:
http://topicsfeedback.com/linux-system-monitoring-tools/
or you may download the Advance Linux Android app on your phone to get instant access:
https://play.google.com/store/apps/details?id=com.topicsfeedback.advancelinux

iptables on busybox

I have busybox installed as a 'starter' package on my embedded linux board and I also need to use iptables to configure some firewall rules.
Is there a way to get access to iptables from the busybox shell?
Otherwise, how can I exit busybox shell to get to the iptables command?
Thank you.
1. First you need to know how to modify the kernel and install modules and applications in the BusyBox environment.
2. Then you can configure the kernel to support iptables (mostly in the network/netfilter menu); you can build those kernel modules as .ko modules or as part of the kernel image.
3. Go to the netfilter homepage to get the application source code. Build and install.
4. modprobe the .ko modules (for example):
   modprobe iptable_filter
   modprobe ip_tables
5. Try your iptables. If you meet a problem, you may go back to step 2 and make some changes.
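Steps 2 and 4 depend on each other: which modules need a modprobe is decided by whether the netfilter options were built as `=m` or `=y`. The script below is an added example, not from the answer: it reads the kernel config, checks a minimal option set for the iptables filter table, and prints the modprobe lines for the options built as modules, failing if one is missing entirely so the kernel can be reconfigured before the userspace tools are built. It assumes the config is reachable as `/proc/config.gz` or as the `.config` of the kernel tree, and maps options to the module names `x_tables`, `ip_tables` and `iptable_filter`. The sample config is constructed for this example.

```shell
#!/bin/sh
# iptables-kconfig.sh: added example, not from the answer above. Decides which
# netfilter modules must be loaded before iptables works on this kernel.

# Minimal options for the iptables filter table.
NEEDED="CONFIG_NETFILTER CONFIG_NETFILTER_XTABLES CONFIG_IP_NF_IPTABLES CONFIG_IP_NF_FILTER"

# Constructed sample config: everything present, most of it as modules.
SAMPLE_CFG='CONFIG_NETFILTER=y
CONFIG_NETFILTER_XTABLES=m
CONFIG_IP_NF_IPTABLES=m
CONFIG_IP_NF_FILTER=m
# CONFIG_IP_NF_NAT is not set'

# $1: config text, $2: option name. Prints y, m or n ("is not set" lines and
# absent options both count as n).
kconfig_state() {
    printf '%s\n' "$1" | awk -v opt="$2" -F= '
        $1 == opt { st = $2 }
        END { if (st == "") st = "n"; print st }'
}

# $1: config text. Prints the modprobe commands for options built as modules;
# exits non-zero if any needed option is missing, so step 2 has to be redone.
modules_to_load() {
    cfg=$1; missing=0
    for opt in $NEEDED; do
        case "$(kconfig_state "$cfg" "$opt")" in
            y) ;;
            m) case "$opt" in
                   CONFIG_NETFILTER_XTABLES) echo "modprobe x_tables" ;;
                   CONFIG_IP_NF_IPTABLES)    echo "modprobe ip_tables" ;;
                   CONFIG_IP_NF_FILTER)      echo "modprobe iptable_filter" ;;
               esac ;;
            *) echo "missing: $opt (enable it in the kernel config and rebuild)" >&2; missing=1 ;;
        esac
    done
    [ "$missing" -eq 0 ]
}

# Read the running kernel's config if exported, else the .config given as $1.
load_kconfig() {
    if [ -r /proc/config.gz ]; then
        zcat /proc/config.gz
    elif [ -n "${1:-}" ] && [ -r "$1" ]; then
        cat "$1"
    fi
}

# sh iptables-kconfig.sh check [/path/to/.config]   report for a real kernel
# sh iptables-kconfig.sh demo                       run on the sample config
case "${1:-}" in
    check) modules_to_load "$(load_kconfig "${2:-}")" ;;
    demo)  modules_to_load "$SAMPLE_CFG" ;;
esac
```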
