12
5

I've tried the procedures listed in the CaptureSetup/CapturePrivileges, and the Debian specific file, but still see no interfaces. I saw an earlier post referring to bpf* file permissions, but this appears to only be relevant to Mac OS X users. I'm running Ubuntu 10.04 LTS. Any ideas?

asked 20 Nov '11, 18:13

mrcpuhead
186335
accept rate: 0%

Hope I'm not stating the obvious here...? Wireshark will only see interfaces that are actually active, are they? Use 'ifconfig' on the prompt to see, use 'ifconfig eth0 up' to activate, then check Wireshark again.

(21 Nov '11, 02:55) Marc

Yes, the eth0 interface is quite active!

(21 Nov '11, 04:11) mrcpuhead
-1

I had the same problem. I couldn't figure out the specific files/devices that needed permissions in Ubuntu, so I resorted to:

$ sudo wireshark

I didn't mind running as root since I was in a VM.

(21 Nov '11, 04:59) bstn

Sorry, had to ask :-) 2nd obvious thing then would be to see if it would run under sudo..

(21 Nov '11, 05:00) Marc
1

While this might work (and is fine inside a VM), it should generally be avoided. The http://wiki.wireshark.org/CaptureSetup/CapturePrivileges article lays out what needs to be done, and file:///usr/share/doc/wireshark-common/README.Debian is the relevant document in this case.

(21 Nov '11, 05:57) multipleinte...

Haven't tried sudo yet - I'm willing to bet it'll work - just didn't want to run wireshark that way if I didn't have to.

(21 Nov '11, 09:24) mrcpuhead

As I mentioned in my orig post, I went to the aforementioned pages, and did what they said, with no luck. The problem is that the README.Debian page doesn't really give the needed steps, it only states in general what you need to do. I'm comfortable enough with Linux to run through most any procedure. This one simply didn't work. I even tried the "Other linux based..." steps: I verified wireshark group membership, group ownership of the dumpcap file, and the setcap command. No joy!

(21 Nov '11, 09:41) mrcpuhead
  1. Did you install Wireshark via a package (apt-get install wireshark or similar) or from source?
  2. What are the user and group ownership and file permissions of /usr/bin/dumpcap (as provided by ls -l /usr/bin/dumpcap)?
  3. Did the setcap command result in any error output?
  4. What command do you execute to launch wireshark (if you use a launcher, what command does it execute)? If it is just wireshark, what is the output of file $(which wireshark)?

Edit: Also, have you verified group membership in wireshark, and logged out and back in at least once?

(21 Nov '11, 11:15) multipleinte...
-1

For all you non-Linux people like me. I just copied the icon to the desktop, then right-clicked and opened as root. This opened the containing folder and I launched it (double-clicked) from there. Wireshark then prompted me it was running as root. I may become a Linux user yet.

(27 Mar '13, 08:11) dskaiser

As per the comment by @helloworld above running Wireshark as root is not a good idea. Wireshark contains millions of lines of code and the potential for exploitation is considerable.

Was there something deficient in the instructions in the accepted answer by @helloworld?

(27 Mar '13, 09:17) grahamb ♦

EDIT: The instructions from README.Debian actually do work (except it's missing the step that tells you to log out and then back in). The dpkg-reconfigure command creates the wireshark group (so you don't need to), but then you need to add your user to the group, and re-login.

These commands work for me with Wireshark 1.6.2 on Ubuntu Server 11.10 (64-bit):

$ sudo apt-get install wireshark
$ sudo dpkg-reconfigure wireshark-common 
$ sudo usermod -a -G wireshark $USER
$ sudo reboot

Instead of rebooting, you can log out with this command:

  • Ubuntu Desktop:
    $ gnome-session-quit --logout --no-prompt
  • Ubuntu Server:
    $ pkill -KILL -u $USER 

or simply (if you're already at the login shell):

$ exit

If the solution above still fails on your system, an alternative is to set the setuid bit for dumpcap (which lets dumpcap run effectively as the owner of the file, which is root in this case):

$ sudo chmod 4711 `which dumpcap`

(FYI: There's an open ticket for this "security vulnerability", but no one seems to have done anything about it since it was reported JAN-2010.)

answered 21 Nov '11, 15:20

helloworld
2.8k21940
accept rate: 27%

edited 16 Dec '11, 07:47

helloworld - that last command (sudo chmod 4711 'which dumpcap') did the trick - Thanks!

(22 Nov '11, 19:19) mrcpuhead

It really works for me too!!! great boss!!!

(27 Apr '12, 23:39) kuldip
1

If you don't want to kill your GNOME session process, you can run Wireshark from the command line using newgrp to get the new group privileges:

newgrp wireshark
(wireshark &)
^D

The parentheses and ampersand will run the process in the background, detached from the shell process, so you can log out from the terminal without losing Wireshark.

(31 Jul '12, 19:41) D_Bezborodov

possibly, sudo chmod 4711 'sudo which dumpcap'. which dumpcap returned nothing when executed as myself.

(20 May, 10:51) xtofl

Complete solution found at http://cmc.site11.com/?p=2165

sudo addgroup --system wireshark
sudo chown root:wireshark /usr/bin/dumpcap
sudo setcap cap_net_raw,cap_net_admin=eip /usr/bin/dumpcap
sudo usermod -a -G wireshark YOUR_USER_NAME

Then just start Wireshark and select the network interface. It worked for me on 10.04 LTS.

answered 04 Apr '12, 11:41

kyphos
9122
accept rate: 0%

Bravo!!! These commands work fine on my Ubuntu 12.04 LTS, thanks..

(13 Jan '13, 11:13) dipesh

Yes It's Working

(31 Jan '13, 02:45) Rajitha

Did this as it seemed quicker than the other methods - seems to be working :)

(15 Mar, 09:40) alexgmcm

On my Ubuntu 13.10 and Wireshark Version 1.10.2 (SVN Rev 51934 from /trunk-1.10) works perfectly!!!!

(22 May, 10:05) nicksat

Worked perfectly for me on Xubuntu 14.04. Well done and thank you.

(12 Jun, 19:35) funklebits

It works for me, using Ubuntu 14.04. Thank you buddy. @kyphos

(14 hours ago) gamer_h2so4

sudo groupadd wireshark
sudo usermod -a -G wireshark $USER
sudo chgrp wireshark /usr/bin/dumpcap
sudo setcap cap_net_raw,cap_net_admin=eip /usr/bin/dumpcap

answered 10 Feb, 04:16

adamali
102
accept rate: 0%
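
As an added example (not part of any answer in this thread), the POSIX shell function below classifies the dumpcap configurations the answers above can leave behind: the setuid chmod 4711 variant, setcap with and without a group-restricted file mode, and a login session that predates the group change. The function names and verdict labels are this example's own; the wrapper assumes GNU stat and libcap's getcap.

```shell
#!/bin/sh
# Added example, not from the thread: classify how dumpcap gets its capture
# privileges from the values reported by stat, getcap and id.

# classify_dumpcap MODE OWNER GROUP CAPS SESSION_GROUPS
#   MODE            octal mode as printed by `stat -c %a` (e.g. 755, 4711)
#   CAPS            output of `getcap FILE` (empty when no capabilities are set)
#   SESSION_GROUPS  output of `id -Gn` in the current login session
# The verdict strings are labels made up for this example.
classify_dumpcap() (
    mode=$1 owner=$2 group=$3 caps=$4 session_groups=$5
    setuid=no; other_exec=no; has_caps=no; in_group=no
    case "$mode" in [4-7][0-7][0-7][0-7]) setuid=yes ;; esac   # setuid bit set
    case "$mode" in *[1357]) other_exec=yes ;; esac            # o+x
    case "$caps" in *cap_net_raw*) has_caps=yes ;; esac
    case " $session_groups " in *" $group "*) in_group=yes ;; esac

    if [ "$setuid" = yes ] && [ "$owner" = root ] && [ "$other_exec" = yes ]; then
        echo "setuid-root-any-user"            # chmod 4711: any local user runs it as root
    elif [ "$setuid" = yes ] && [ "$owner" = root ]; then
        echo "setuid-root-group-only"
    elif [ "$has_caps" = yes ] && [ "$other_exec" = yes ]; then
        echo "caps-any-user"                   # file mode does not enforce the group
    elif [ "$has_caps" = yes ] && [ "$in_group" = no ]; then
        echo "caps-group-only-not-in-session"  # not a member, or no re-login yet
    elif [ "$has_caps" = yes ]; then
        echo "caps-group-only-ok"
    else
        echo "no-privileges"                   # dumpcap has no extra privileges
    fi
)

# audit_dumpcap_file PATH: collect the real values (GNU stat, libcap getcap).
audit_dumpcap_file() (
    path=$1
    meta=$(stat -c '%a %U %G' "$path") || exit 1
    set -- $meta                               # split into mode, owner, group
    classify_dumpcap "$1" "$2" "$3" "$(getcap "$path" 2>/dev/null)" "$(id -Gn)"
)

# Inspect a real binary only when a path is given, e.g.:
#   sh audit_dumpcap.sh /usr/bin/dumpcap
if [ -n "${1:-}" ]; then audit_dumpcap_file "$1"; fi
```

A verdict of setuid-root-any-user or caps-any-user means membership in the wireshark group is not what gates capture on that host, because every local user can execute the privileged binary.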

Asked: 20 Nov '11, 18:13

Seen: 94,878 times

Last updated: 14 hours ago
