Error to perform packet captures using Wireshark in EVE-NG

Introduction

Hi Community,

This article today is for everyone who enjoys EVE-NG tool to play with your labs.

The problem has been discovered during a lab that was running and found the solution, and I would like to share it for that in case you face the same issue.

What is the Issue?

If you do not know, when we are running any lab in EVE-NG, you can perform live packet capture using Wireshark, in order to analyze the end-to-end traffic between two endpoints.

In an attempt to perform packet captures in EVE-NG using Wireshark, I have found an error that stucked me in some analysis that I needed to do.

The issue happens when you right-click on the node, select capture, choose the interface you wish to perform the capture, and click on Open wireshark_wrapper.

The software Wireshark will open, however you will receive an error "End of file on pipe magic during open.".

That issue happens, if during the EVE-NG server setup you change the default password for the user root.

By default the EVE-NG credential is, username root and password eve.

Solution

To solve that error, it's a very simple step.

You need to open the Notepad in Administrator mode. Go to menu File > Open. From Windows explorer, go to C:\Program Files\EVE-NG and select the option All Files (*.*), and open the file wireshark_wrapper.bat.

From the file, change the password eve for the new password that you have reated, and save it.

After that, you can try again to perform the capture using Wireshark, and you will see all the packets between the network devices.

If you have faced the same issue, and/or have resolved it by a different way, please share with us in the comments.?

I hope you have enjoyed the reading.

Thanks!

Jonas Resende