
Comments (6)

marcomilazzo commented on September 28, 2024

Hi,
this is the output (tshark --help):
Capture interface:
-i name or idx of interface (def: first non-loopback)
-f packet filter in libpcap filter syntax
-s packet snapshot length (def: 65535)
-p don't capture in promiscuous mode
-I capture in monitor mode, if available
-B size of kernel buffer (def: 2MB)
-y link layer type (def: first appropriate)
-D print list of interfaces and exit
-L print list of link-layer types of iface and exit

Capture stop conditions:
-c stop after n packets (def: infinite)
-a ... duration:NUM - stop after NUM seconds
filesize:NUM - stop this file after NUM KB
files:NUM - stop after NUM files
Capture output:
-b ... duration:NUM - switch to next file after NUM secs
filesize:NUM - switch to next file after NUM KB
files:NUM - ringbuffer: replace after NUM files
Input file:
-r set the filename to read from (- to read from stdin)

Processing:
-2 perform a two-pass analysis
-R packet Read filter in Wireshark display filter syntax
-Y packet displaY filter in Wireshark display filter
syntax
-n disable all name resolutions (def: all enabled)
-N enable specific name resolution(s): "mntC"
-d <layer_type>==,<decode_as_protocol> ...
"Decode As", see the man page for details
Example: tcp.port==8888,http
-H read a list of entries from a hosts file, which will
then be written to a capture file. (Implies -W n)
Output:
-w <outfile|-> write packets to a pcap-format file named "outfile"
(or to the standard output for "-")
-C start with specified configuration profile
-F set the output file type, default is pcapng
an empty "-F" option will list the file types
-V add output of packet tree (Packet Details)
-O Only show packet details of these protocols, comma
separated
-P print packet summary even when writing to a file
-S the line separator to print between packets
-x add output of hex and ASCII dump (Packet Bytes)
-T pdml|ps|psml|text|fields
format of text output (def: text)
-e field to print if -Tfields selected (e.g. tcp.port,
_ws.col.Info)
this option can be repeated to print multiple fields
-E= set options for output when -Tfields selected:
header=y|n switch headers on and off
separator=/t|/s| select tab, space, printable character as separator
occurrence=f|l|a print first, last or all occurrences of each field
aggregator=,|/s| select comma, space, printable character as
aggregator
quote=d|s|n select double, single, no quotes for values
-t a|ad|d|dd|e|r|u|ud output format of time stamps (def: r: rel. to first)
-u s|hms output format of seconds (def: s: seconds)
-l flush standard output after each packet
-q be more quiet on stdout (e.g. when using statistics)
-Q only log true errors to stderr (quieter than -q)
-g enable group read access on the output file(s)
-W n Save extra information in the file, if supported.
n = write network address resolution information
-X : eXtension options, see the man page for details
-z various statistics, see the man page for details
--capture-comment
add a capture comment to the newly created
output file (only for pcapng)

Miscellaneous:
-h display this help and exit
-v display version info and exit
-o : ... override preference setting
-K keytab file to use for kerberos decryption
-G [report] dump one of several available reports and exit
default report="fields"
use "-G ?" for more help

Where do I select the correct API?
Marco

from foren6.

laurentderu commented on September 28, 2024

You forgot to include the first lines of tshark --help and I cannot check the actual version you have.

To select the correct API, in Foren6, you open the 'File' menu, you go to Preferences and there you toggle 'Old tshark'.

from foren6.

marcomilazzo commented on September 28, 2024

Hi,
I got Foren6 working on Instant Contiki 3.0.
No way to get it to work on Ubuntu 15.04.
This is the tshark:
TShark 1.12.7 (Git Rev Unknown from unknown)
Dump and analyze network traffic.
See http://www.wireshark.org for more information.

Copyright 1998-2015 Gerald Combs [email protected] and contributors.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

Usage: tshark [options] ...

Capture interface:
-i name or idx of interface (def: first non-loopback)
-f packet filter in libpcap filter syntax
-s packet snapshot length (def: 65535)
-p don't capture in promiscuous mode
-I capture in monitor mode, if available
-B size of kernel buffer (def: 2MB)
-y link layer type (def: first appropriate)
-D print list of interfaces and exit
-L print list of link-layer types of iface and exit

Capture stop conditions:
-c stop after n packets (def: infinite)
-a ... duration:NUM - stop after NUM seconds
filesize:NUM - stop this file after NUM KB
files:NUM - stop after NUM files
Capture output:
-b ... duration:NUM - switch to next file after NUM secs
filesize:NUM - switch to next file after NUM KB
files:NUM - ringbuffer: replace after NUM files
etc....

I also tried the sniff capture with a CC2531 with the ZBOSS hex.
It works fine with Wireshark but not with Foren6.
I sniffed the serial and the ZBOSS sends the channel to start capturing, 0x1a for example.
http://zboss.dsr-wireless.com/projects/zboss

I just installed Foren6 again but there is no option to select tshark!!
I downloaded the deb package.
I can see only 3 labels: 6lowpan, ipv6, rpl.

I really don't see it :)
Marco

from foren6.

marcomilazzo commented on September 28, 2024

Hi,
I compiled Foren6 from source and I got the menu!
I checked the old tshark box but still:
tshark: Couldn't run /usr/bin/dumpcap in child process: Permission denied

tshark exited
Could not start tshark
:(

from foren6.

darkfader commented on September 28, 2024

I get the same error on macOS, but it works fine when I start Foren6 from the command line.
It seems like I got "Failed to spawn process: No such file or directory".
Wrapping it in a bash script made it work "normally".
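#!/bin/bash
# bash is required: BASH_SOURCE is not defined in plain sh.
# Put the Homebrew Wireshark tools (tshark, dumpcap) on PATH.
export PATH=/usr/local/Cellar/wireshark/2.2.6/bin:$PATH
# Directory containing this wrapper script.
DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
# Run the original binary under a pseudo-terminal (macOS script(1) syntax).
script -q /dev/null "$DIR/foren6.original" #> /tmp/errors.txt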

from foren6.

githubfoam commented on September 28, 2024

Platform with x64 machine

Description: Ubuntu 16.04.3 LTS
Release: 16.04
Codename: xenial

I start Foren6 with the "sudo make run" command. The interface is virtually different from the one when you start Foren6 with the Ubuntu menu usually. I did not check "old tshark" in Preferences either.

from foren6.
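
An added diagnostic for the "Couldn't run /usr/bin/dumpcap in child process: Permission denied" error reported above, as an alternative to running the whole GUI under sudo; it is not part of the thread or of the Foren6 project. It assumes Linux with a `stat` that supports `-c`; the function names `may_exec` and `check_dumpcap` are made up for this example, and root's permission bypass is not modelled.

```shell
#!/bin/sh
# Added example: explain from mode bits, owner and group why a user can
# or cannot execute a capture helper such as /usr/bin/dumpcap.

# may_exec MODE OWNER GROUP USER "USER_GROUPS"
# Prints the permission class that grants execute (owner|group|other),
# or "denied". POSIX picks exactly one class: owner first, then group,
# else other; only that class's bits are consulted.
may_exec() {
    mode=000$1; owner=$2; group=$3; user=$4; ugroups=$5
    perm=${mode#"${mode%???}"}          # last three octal digits
    u=${perm%??}; rest=${perm#?}; g=${rest%?}; o=${rest#?}
    if [ "$user" = "$owner" ]; then
        class=owner; bits=$u
    else
        case " $ugroups " in
            *" $group "*) class=group; bits=$g ;;
            *)            class=other; bits=$o ;;
        esac
    fi
    # Execute permission is the low bit of the octal digit.
    if [ $((bits % 2)) -eq 1 ]; then echo "$class"; else echo denied; fi
}

# check_dumpcap PATH
# Applies may_exec to the real file and the current user, and shows any
# file capabilities when getcap is installed.
check_dumpcap() {
    path=$1
    [ -e "$path" ] || { echo "$path: not found"; return 1; }
    set -- $(stat -c '%a %U %G' "$path")
    result=$(may_exec "$1" "$2" "$3" "$(id -un)" "$(id -nG)")
    echo "$path mode=$1 owner=$2 group=$3 -> execute: $result"
    if command -v getcap >/dev/null 2>&1; then getcap "$path"; fi
    [ "$result" != denied ]
}

check_dumpcap "${1:-/usr/bin/dumpcap}" || true
```

A result of `denied` with a group such as `wireshark` on the file means the user has to be a member of that group (and log in again) before tshark can start dumpcap without root.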
