Results 1 to 10 of 10

Thread: No internet unless wireshark is active

  1. #1
    Join Date
    2014-Mar
    Posts
    163

    No internet unless wireshark is active

    This could be crazy , but if i start a dhcp wired connection on my kali , it won recieve a dhcp lease from router unless i start wireshark on that interface !!!!
    I gave up on network-manager and installed wicd , i removed completly network manager from my system , but for some unknow reason i am unable to get a normal dhcp lease from router .

    my interfaces file is simple as it could be :
    # This file describes the network interfaces available on your system
    # and how to activate them. For more information, see interfaces(5).

    # The loopback network interface
    auto lo
    iface lo inet loopback

    # The primary network interface
    # allow-hotplug eth0
    auto eth0
    iface eth0 inet dhcp
    Static ip address is not working on dns level , witch means that i can set an static ip but for some unknow reason i am unable to resolve dns requests .
    and in resolv.conf everything is fine .

    nameserver 1.1.1.1
    nameserver 10.1.1.0
    This is what happens when i restart networking :
    Internet Systems Consortium DHCP Client 4.2.2
    Copyright 2004-2011 Internet Systems Consortium.
    All rights reserved.
    For info, please visit https://www.isc.org/software/dhcp/

    Listening on LPF/eth0/xx:xx:xx:xx:xx:xx
    Sending on LPF/eth0/xx:xx:xx:xx:xx:xx
    Sending on Socket/fallback
    DHCPDISCOVER on eth0 to 255.255.255.255 port 67 interval 6
    receive_packet failed on eth0: Network is down
    receive_packet failed on eth0: Network is down
    DHCPDISCOVER on eth0 to 255.255.255.255 port 67 interval 15
    DHCPDISCOVER on eth0 to 255.255.255.255 port 67 interval 19
    DHCPREQUEST on eth0 to 255.255.255.255 port 67
    DHCPOFFER from 1.1.1.1 (This part is when i start wireshark)
    DHCPACK from 1.1.1.1
    bound to 1.1.1.10 -- renewal in 3594 seconds.
    done.
    if i shutdown wireshark then i loose internet .
    Funny as it seems to be , it is breaking my head of to figure out what is going on .
    Last edited by pedropt; 2016-06-27 at 21:25.

  2. #2
    Join Date
    2013-Sep
    Posts
    264
    This is indeed one of the weirdest thing i ever saw ... I am absolutely unable to reproduce the error and don't have a queue about what it could be.. maybe you should open a ticket in kali bugtrack for this. good luck

  3. #3
    Join Date
    2014-Mar
    Posts
    163
    I found some errors on boot regarding to ipv6 deactivation witch i already solved in sysctl.conf .
    Today i started up kali and internet was working without wireshark , but i got a surprize .
    A Vlan was configured and was not by me manually , but that vlan config is in my wicd static ip option .
    So wicd this time started a dhcp connection on boot and created the static ip config as a vlan .

    Question :
    Where does wicd stores network configuration ?

    /etc/wicd/ files does not have nothing regarding to this vlan configuration activated
    Last edited by pedropt; 2016-06-29 at 07:17.

  4. #4
    Join Date
    2014-Mar
    Posts
    163
    the problem was that dhcp client was not working right , probably when i removed network-manager dhcp client was removed too .
    i fixed the issue by installing dhcpcd .

    vlan does not show up anymore .

    Eventually , even after this the problem pop up the other day again , so , after a deep look into the kali i notice that my kernel update was not complete , and i reinstall it , and i also installed again network-manager and until now everything is working smoothly .

    Note : this is one of a kind situation that probably no one else will have , but i wrote it here specially for me in future , i am always messing with my kali config , so in future i can guide myself with this post if this happens again .
    Last edited by pedropt; 2016-07-04 at 14:04.

  5. #5
    Join Date
    2014-Mar
    Posts
    163
    Back on this issue .
    It looks that this problem is temporary , and it is without any doubt a driver related issue .
    The conclusion i get to this point is that with a live distribution i also have this issue , so , it is not related to a configuration issue in linux .

    This board have a lan chipset Realtek RTL8111E and it looks that i am not the only one with issues on this chipset .
    anyway , i will give a look to these pages to see if i can solve this issue .

    https://unixblogger.com/2011/10/18/t...ethernet-card/

    https://ubuntuforums.org/showthread.php?t=2148354

    and i will check others configs in bios here , however it is interesting that if it is indeed a bios setting then i should have this issue also in Windows and i dont have it .
    This is a dual boot system .

  6. #6
    Join Date
    2014-Mar
    Posts
    163
    Ok , this is an asrock mother board .
    I never check before witch driver linux was loading for network because sometimes the network was working perfectly , and by default i assumed automatically that this was some kind of dhcp issue or some config messed up .
    Yesterday i was unable to connect to net on linux , for many things i try here , setting up a static ip on the terminal , defining dns requests , etc ....
    Today i try a live distribution of bugtraq to check it out how it was , and i notice that internet was also not working in it !!!
    And by that fact i assumed automatically that this is not a config issue (like i told beforee) .

    Kali is running realtek driver r8169 on this card , but in "lspci" i get :
    03:00.0 Ethernet controller [0200]: Realtek Semiconductor Co., Ltd. RTL8111/8168B PCI Express Gigabit Ethernet controller [10ec:8168] (rev 06)
    Subsystem: ASRock Incorporation Motherboard (one of many) [1849:8168]
    Kernel driver in use: r8169
    strange right .

    So , i decided to go to realtek and download their r8168 driver .
    http://www.realtek.com.tw/downloads/...etDown=false#2
    and got the "LINUX driver for kernel 3.x and 2.6.x and 2.4.x" .
    extract it and i have run the autorun script on the tar ball .
    The script renamed the r8169 driver actually running in the system , installed the r8168 driver and updated initramfs after that .
    Right now i have r8168 driver loading and internet is active :
    03:00.0 Ethernet controller [0200]: Realtek Semiconductor Co., Ltd. RTL8111/8168B PCI Express Gigabit Ethernet controller [10ec:8168] (rev 06)
    Subsystem: ASRock Incorporation Motherboard (one of many) [1849:8168]
    Kernel driver in use: r8168
    Everything is working ok now , but if i encounter more issues from this i will turn back here .

    NOTE
    In kali Sana , r8169 driver is installed by default when it detects this nic , it could be interesting to change that to r8168 driver instead .
    Last edited by pedropt; 2016-08-21 at 21:42.

  7. #7
    Join Date
    2014-Mar
    Posts
    163
    yesterday i reeboted the system and network card was still working , but today when i started it up then network card was not working again .
    It only works with wireshark active o that interface .
    It looks that this nic to work without any issues must be in promiscuous mode .
    If i take out the promiscuous mode then it stops working .
    A similar topic can be found on this page :
    https://forums.freebsd.org/threads/49518/
    but on that page the user had problems setting a new mac address on the nic , my case is different because with original mac address or not i can get it working as soon as i set that interface in promisc mode , and i am connected to a router .
    I can setup a new mac address and i can have a working connection as long as i keep network card in promiscuous mode .

    Anyone have any idea on what this problem could be ?
    i am a bit lost now .

  8. #8
    Join Date
    2013-Sep
    Posts
    264
    Sincerely not a dam idea
    Maybe, and i say maybe, you could try to change the way wireshark is installed.
    You can choose or not to allow normal users to capture.(your prompt at some stage about that ) traffic or something like that.
    Why should it matter? I don't know...
    But as I don't understand the problem... Why not?
    Good luck

  9. #9
    Join Date
    2014-Mar
    Posts
    163
    This indeed a very strange issue , at first i tough it was the driver of the network card , so i change it , but problem still presists .


    Should i report this issue in kali bugs ?
    This also happens in kali sana 2.0 , but right now i am using wheezy 1.10 version of kali .

  10. #10
    Join Date
    2014-Mar
    Posts
    163
    Found the cause for this problem and a temporary solution .
    I am posting it here for those that may have the same problem .
    When this happens the solution is to remove the module from kernel and reinstall it again .
    Best way is to get the driver from realtek here for RTL8168
    http://www.realtek.com.tw/Downloads/...&GetDown=false

    add a line in /etc/modprobe.d/kali-blacklist.conf
    with :
    blacklist r8169
    Then install the driver from realtek , it should be straight forward .
    after the installation your network will be fine until you get out from kali and enter in other OS in the same machine (dual boot) , ex: Windows .
    When you get to windows your network card will work fine , but if you get out from windows again to linux then the network card will not work again .
    The issue is related to the linux driver no be able to write on the eeprom , i notice that linux was not able to get the real macaddress of the card .
    So ...
    i added this line in "/etc/rc.local" before exit 0
    ./usr/local/rtl/net
    and i have copied the "r8168.ko" module to "/usr/local/rtl/" folder

    i created the "net" script above and gave it execution permissions with "chmod +x net"

    #!/bin/bash
    echo "removing module rtl8168 from kernel"
    rmmod r8168
    sleep 1s
    echo "re-installing module r8168 into kernel"
    insmod /usr/local/rtl/r8168.ko
    In my case , i created a directory in "/usr/local/rtl" with the module there and the script .
    But anyone with this problem can put the script or the module anywhere you want as long the script points to the correct location where the module is and as long as in rc.local run command is pointing to the right directory where files are .
    Other way to put card working without removing and re-installing the module is to put network card in promisc mode , witch is strange , and that was the reason why everytime i started wireshark the network card started to work .
    to put network card in promisc mode you just have to write :
    ifconfig eth0 promisc
    Last edited by pedropt; 2016-12-21 at 00:45.

Similar Threads

  1. lvmetad is not active yet (message at boot)
    By luthor in forum TroubleShooting Archive
    Replies: 2
    Last Post: 2016-09-03, 12:57
  2. Active Directory
    By monkeyhouse in forum General Archive
    Replies: 0
    Last Post: 2015-04-09, 13:56
  3. Minimize all active windows
    By photomancia in forum General Archive
    Replies: 6
    Last Post: 2014-05-11, 22:29
  4. Accessing Active Hard Drive via USB (Android)
    By CodemasterRob in forum ARM Archive
    Replies: 0
    Last Post: 2014-03-04, 19:06

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •