You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
{{ message }}
This repository was archived by the owner on Feb 20, 2022. It is now read-only.
Copy file name to clipboardExpand all lines: README.md
+18-2Lines changed: 18 additions & 2 deletions
Original file line number
Diff line number
Diff line change
@@ -15,7 +15,7 @@ System requirements:
15
15
16
16
The `tshark` command must be available in a new terminal. You may need to [register the installation directory in the PATH environment variable](https://www.architectryan.com/2018/03/17/add-to-the-path-on-windows-10/).
17
17
18
-
**This app only performs the analysis of the packet stream, not the initial capture.** You need to use router to capture the packet stream and provide it in TZSP format to this app.
18
+
**This app only performs the analysis of the packet stream, not the initial capture.** You need to configure a router to capture the packet stream and provide it in TZSP format to this app.
19
19
20
20
MikroTik RouterOS has [built-in support for TZSP packet capture](https://wiki.mikrotik.com/wiki/Manual:Tools/Packet_Sniffer). You can also define a [MikroTik firewall mangle rule](https://wiki.mikrotik.com/wiki/Manual:IP/Firewall/Mangle) with the `sniff-tzsp` action, for detailed filtering of captured traffic.
21
21
@@ -48,8 +48,20 @@ You could simply direct them at the same analyzer but this will lead to the resu
48
48
49
49
If you want the results separated in Prometheus, run a separate instance of the analyzer, accepting packets and publishing results on individual ports (`--listen-port` and `--publish-port`, respectively).
50
50
51
+
# (Linux) On startup, I see "Failed to create directory ..." - what's wrong?
52
+
53
+
This appears to be a .NET Core defect, where the startup loader attempts to extract files to `/var/tmp` directory that is not always writable: https://github.com/dotnet/core-setup/issues/8882.
54
+
55
+
To work around this issue, set a custom runtime bundle extraction directory:
56
+
57
+
```
58
+
export DOTNET_BUNDLE_EXTRACT_BASE_DIR=$HOME/.net
59
+
```
60
+
51
61
# (Any OS) Why do I get a permissions-related error on startup?
52
62
63
+
> tshark: Couldn't run /usr/bin/dumpcap in child process: Permission denied
64
+
53
65
The user runnig the app must have the required permissions to use TShark. On Linux, you may need to add the user to the `wireshark` group, depending on system configuration.
54
66
55
67
# (Windows) Why do I get a permissions-related error on startup?
@@ -58,4 +70,8 @@ The app may throw an access denied exception on Windows if your user does not ha
The port number you need to specify here is the publishing port, 9184 by default.
73
+
The port number you need to specify here is the publishing port, 9184 by default.
74
+
75
+
# Why does this app need TShark, why not just open a socket and listen?!?
76
+
77
+
Implementations of the TZSP protocol can truncate packets under some conditions, which might result in the operating system filtering them out and never handing them over to the listening app. Using TShark ensures that we can process even truncated packets.
0 commit comments