Wireshark dumpcap with setcap set to no-root capture failes to start in Ubuntu 18.10

asked 2019-10-06 17:18:39 +0000

eiselekd gravatar image

I have recompiled the latest version of Wireshark with prefix /my-path/bin/ and want to setup non-root capture of packets. However when I set

setcap cap_net_raw,cap_net_admin=eip /my-path/bin/dumpcap

then somehow dumpcap cannot be started anymore and exits with:

/my-path/bin/dumpcap: error while loading shared libraries: libwsutil.so.0: cannot open shared object file: No such file or directory

/my-path/lib/libwsutil.so.0 is present and if I revert the capabilities with

setcap -r /my-path/bin/dumpcap

I can run dumpcap again. Is there some security feature that I need to take into account? I'm running Ubuntu 18.10.

edit retag flag offensive close merge delete