Ask Your Question

Self compiled tshark has no permission to capture on device

asked 2020-04-25 19:55:15 +0000

hr0m gravatar image

On a Debian system, i have installed wireshark/tshark from the repository. So I had a working version.

However due to truncation, i needed to compile tshark with ITEM_LABEL_LENGTH set to much higher value, since i am interested in the data on a websocket.

I successfully compiled tshark and dumpcap. I can run it with sudo, however I am not able to run tshark with my usual user anymore. It is possible with the tshark version from Debian's repositories.

I have tried to set WIRESHARK_RUN_FROM_BUILD_DIRECTORY as proposed here

(Possible duplicate of this, however I didn't come to a solution)

edit retag flag offensive close merge delete

1 Answer

Sort by ยป oldest newest most voted

answered 2020-04-25 20:16:56 +0000

Chuckc gravatar image

updated 2020-04-25 20:18:39 +0000

Have you looked at the permissions/ownership on both binaries?

Running Wireshark as You

Platform-Specific information about capture privileges

edit flag offensive delete link more



setcap cap_net_raw,cap_net_admin=eip dumpcap has done the trick

hr0m gravatar imagehr0m ( 2020-04-25 21:54:41 +0000 )edit

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Question Tools

1 follower


Asked: 2020-04-25 19:55:15 +0000

Seen: 774 times

Last updated: Apr 25 '20