Ask Your Question
0

The capture session could not be initiated on capture device "***" (You don't have permission to capture on that device).

asked 2022-08-27 19:33:19 +0000

dai gravatar image

Hello,
I got a tshark(Wireshark) 4.0.0rc1 source code, then built and ran it, but got the error below.

[email protected]:~$ tshark
Capturing on 'enp0s3'
tshark: The capture session could not be initiated on capture device "enp0s3" (You don't have permission to capture on that device).
Please check to make sure you have sufficient permissions.

On Debian and Debian derivatives such as Ubuntu, if you have installed Wireshark from a package, try running

    sudo dpkg-reconfigure wireshark-common

selecting "<yes>" in response to the question

    Should non-superusers be able to capture packets?

adding yourself to the "wireshark" group by running

    sudo usermod -a -G wireshark {your username}

and then logging out and logging back in again.
tshark: 
0 packets captured
[email protected]:~$ groups
user2 sudo wireshark
[email protected]:~$ 

As shown in the results of the groups command, the tshark execution user (user2) is already added to the wireshark group.
I get the same error when trying to capture with Wireshark.

How can I resolve this?

My execution environment is as follows.

OS: Ubuntu 20.04.1 LTS (VirtualBox)
VirtualBox: 6.1.16 r140961 (Qt5.6.2)
tshark(Wireshark): 4.0.0rc1

I got the source code from here. https://2.na.dl.wireshark.org/src/all...


Thank you.

edit retag flag offensive close merge delete

Comments

Did you build a deb package that you installed, or are you trying to run it from a build directory?

Jaap gravatar imageJaap ( 2022-08-27 20:14:35 +0000 )edit

Did you follow the instructions at https://wiki.wireshark.org/CaptureSet... ?

André gravatar imageAndré ( 2022-08-27 20:59:51 +0000 )edit

>Did you build a deb package that you installed,
I followed the steps below to build and install from the tar.xz file.
1.I downloaded and extracted the tar.gz file from here( https://2.na.dl.wireshark.org/src/all... ).
2.I ran this command in terminal(cd "extracted dir").
3.I ran this command in terminal( cmake . ).
4.I ran this command in terminal( make ).
5.I ran this command in terminal( sudo make install ).
6-1.I ran this command in terminal( sudo dpkg-reconfigure wireshark-common ).
6-2.I selected "Yes" in response to the question.
7.I ran this command in terminal( sudo usermod -a -G wireshark "username" ).
8.I ran this command in terminal( tshark ).
After that I got the error in the question I posted.

>or are you trying to run it from a build directory?
I ran the tshark command in various directories.
And I ...(more)

dai gravatar imagedai ( 2022-08-27 22:17:07 +0000 )edit

What do the commands:

which tshark

which dumpcap

getcap `which dumpcap`

print?

Guy Harris gravatar imageGuy Harris ( 2022-08-28 06:59:23 +0000 )edit

>Guy Hams

[email protected]:~$ which tshark
/usr/local/bin/tshark
[email protected]:~$ which dumpcap
/usr/local/bin/dumpcap
[email protected]:~$ getcap `which dumpcap`
/usr/local/bin/dumpcap = cap_net_admin,cap_net_raw+eip
dai gravatar imagedai ( 2022-08-28 07:38:02 +0000 )edit

1 Answer

Sort by » oldest newest most voted
0

answered 2022-08-28 04:58:55 +0000

Jaap gravatar image

You've created a situation in which you've installed Wireshark deb packages from the distribution and build and installed Wireshark from source. Even though this is possible one has to be aware of what programs you run when using the various tools.

Depending on the composition of your PATH environment variable in your shell running tshark may either run the deb package installed one, or your own locally build and installed one.

Running sudo dpkg-reconfigure wireshark-common has only effect on the deb package installed Wireshark programs, not the locally build and installed dumpcap.

Setting the capabilities directly on the locally build and installed dumpcap does solve the underlying problem for the locally build and installed tshark.

edit flag offensive delete link more

Comments

I understood.
Thank you.

dai gravatar imagedai ( 2022-08-28 05:13:51 +0000 )edit

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Question Tools

Stats

Asked: 2022-08-27 19:33:19 +0000

Seen: 1,012 times

Last updated: Aug 28 '22