Unable to view plugins in ubuntu "22.04.5 LTS (Jammy Jellyfish)"

[sankyhack]

Description

Hello Team,

I am currently using wireshark 3.6.2, and similar version of traceeshark
https://github.com/aquasecurity/traceeshark/releases/download/v0.3.6/traceeshark-v0.3.6-linux-x86_64-wireshark-3.6.2.zip
Traceeshark version -> 3.6.2

Output of tshark -G plugins

root@victim2:~# tshark -G plugins
Running as user "root" and group "root". This could be dangerous.
ethercat.so 0.1.0 dissector /usr/lib/x86_64-linux-gnu/wireshark/plugins/3.6/epan/ethercat.so
gryphon.so 0.0.4 dissector /usr/lib/x86_64-linux-gnu/wireshark/plugins/3.6/epan/gryphon.so
irda.so 0.0.6 dissector /usr/lib/x86_64-linux-gnu/wireshark/plugins/3.6/epan/irda.so
mate.so 1.0.1 dissector /usr/lib/x86_64-linux-gnu/wireshark/plugins/3.6/epan/mate.so
opcua.so 1.0.0 dissector /usr/lib/x86_64-linux-gnu/wireshark/plugins/3.6/epan/opcua.so
profinet.so 0.2.4 dissector /usr/lib/x86_64-linux-gnu/wireshark/plugins/3.6/epan/profinet.so
stats_tree.so 0.0.1 dissector /usr/lib/x86_64-linux-gnu/wireshark/plugins/3.6/epan/stats_tree.so
transum.so 2.0.4 dissector /usr/lib/x86_64-linux-gnu/wireshark/plugins/3.6/epan/transum.so
unistim.so 0.0.2 dissector /usr/lib/x86_64-linux-gnu/wireshark/plugins/3.6/epan/unistim.so
usbdump.so 0.0.1 file type /usr/lib/x86_64-linux-gnu/wireshark/plugins/3.6/wiretap/usbdump.so
wimax.so 1.2.0 dissector /usr/lib/x86_64-linux-gnu/wireshark/plugins/3.6/epan/wimax.so
wimaxasncp.so 0.0.1 dissector /usr/lib/x86_64-linux-gnu/wireshark/plugins/3.6/epan/wimaxasncp.so
wimaxmacphy.so 0.0.1 dissector /usr/lib/x86_64-linux-gnu/wireshark/plugins/3.6/epan/wimaxmacphy.so
ciscodump 1.0.0 extcap /usr/lib/x86_64-linux-gnu/wireshark/extcap/ciscodump
dpauxmon 0.1.0 extcap /usr/lib/x86_64-linux-gnu/wireshark/extcap/dpauxmon
randpktdump 0.1.0 extcap /usr/lib/x86_64-linux-gnu/wireshark/extcap/randpktdump
sdjournal 1.0.0 extcap /usr/lib/x86_64-linux-gnu/wireshark/extcap/sdjournal
sshdump 1.0.0 extcap /usr/lib/x86_64-linux-gnu/wireshark/extcap/sshdump
tracee-capture.py 0.3.6 extcap /root/.config/wireshark/extcap/tracee-capture.py
udpdump 0.1.0 extcap /usr/lib/x86_64-linux-gnu/wireshark/extcap/udpdump

Wireshark version -> 3.6.2
Wireshark 3.6.2 (Git v3.6.2 packaged as 3.6.2-2)

Additional details

In wireshark I can see the "Tracee capture : tracee" -> live capture is visible
I am able to capture the logs as well but they are not getting parsed. (screenshot attached)
When I installed traceeshark with install.sh I am getting below messages,

[] Installed profile to /root/.config/wireshark/profiles/Tracee
[] Installed plugins to /root/.local/lib/wireshark/plugins/3.6
[*] Installed extcap to /root/.config/wireshark/extcap

Do let me know in case any more information is required.

Thanks and Regards,
Sanky

[oshaked1]

Hi Sanky, sadly Wireshark does not allow loading external plugins when running as root. Try installing Traceeshark and running Wireshark with a normal user.