Tshark can not be initiated under WSL (Windows Subsystem Linux) ((socket: Adress Family not supported by protocoll))

Question

I'm visiting a computer network course. For learning purposes I'd like to run tshark in my WSL-Debian under Windows.

I succesfully installed it using: sudo apt-get install tshark

My Version using tshark -v --> TShark (Wireshark) 3.4.10 (Git v3.4.10 packaged as 3.4.10-0+deb11u1)

sudo tshark -D Outputs several "ports" (?)

but when i use the simple command tshark It says: "Capturing on 'eth0' tshark: The capture session could not be initiated on interface 'eth0' (socket: Address family not supported by protocol)....."

Is it an illusion to run tshark on WSL? I've read somewhere that it should be possible

-edit: Working on WSL1

Answer 1

I love WSL, but it probably isn't the right tool for you in this case. Neither WSL1 nor WSL2 is "great" for running any packet capturing, for differing reasons:

• WSL1, in my experience, isn't going to work at all. Network interfaces in WSL1 are not "real" Linux network interfaces. All Linux syscalls in WSL1 go through a "translation layer" where they are matched to Windows APIs. There are advantages and disadvantages to this. While, you really can see the Windows network interfaces with Linux commands (e.g. ip addr), these are Windows network interfaces, not Linux.

  As such, there's only "so much" that has been translated. And dang, IMHO, WSL1 does an amazing job of running so much with those limitations, but promiscuous network captures are not one of the things that are translated.

• WSL2, on the other hand, is a real Linux kernel running in a virtualized environment. tshark will run and capture packets originating from and destined to the virtual network, but it won't see (for example) traffic between your phone and your Windows host on the WiFi network. WSL2 has no concept of that WiFi network, since it's NAT'd behind the virtual Hyper-V switch.

Regardless, at the least you should switch to WSL2 for this.

However, I would recommend that the better option for your course would be running several virtual machines with something like VirtualBox (or even Hyper-V if you have Windows Pro or Education). This will give you complete control over the virtual network; WSL just won't give that to you.