What you should do is:
- install with "non-superusers should be allowed to capture from network interfaces";
- run
sudo gpasswd -a $USER wireshark
from the command line.
At minimum, after doing the sudo gpasswd ...
, you will have to log out and log in again, but if that doesn't fix the problem, you may have to reboot.
First of all, it was not exactly clear which colour was meant to select the Yes or No answer on the configuration whether a non-superuser should be able to capture packets of network interfaces. I thought it was the red background when I selected a button.
The color indicates which of the two buttons, Yes and No, is currently selected. The Tab key switches between Yes and No.
When installing Wireshark with Synaptic, there's just a single button to push to select allowing non-root users to capture.
We should probably document this in the User's Guide.
When I selected that non-superusers should be allowed, I haven't seen the hardware network interfaces.
That's because Ubuntu's installer only does half the job. It configures Wireshark so that dumpcap, the program that does the capturing, has the appropriate capabilities set, so that it can open capture files without running as root (running with that capability is safer than running as root), and is set up only to be executable by root and by users in the group "wireshark", but it does NOT add the user who installs Wireshark to the "wireshark" group. You have to do that yourself.
This means that you don't have permission to run dumpcap, so, when Wireshark runs it to get a list of interfaces, that fails, and Wireshark does not report an error for this.
When I seleceted that they are not, the hardware network interfaces showed up, but when I tried to capture packets, the system said I cannot access that network interface.
That's because, in tat case, dumpcap can be run by anybody, but it doesn't have the appropriate capabilities set, and getting a list of interfaces does not require those capabilities - only capturing on them does. I.e., Wireshark can run dumpcap to get a list of the interfaces, but if it runs it to capture, dumpcap gets a "permission denied" error when trying to open the interface for capturing.
The solution was to run Wireshark with sudo.
That's... not a good idea, given how large Wireshark is; running it with root privileges is not recommended.
Is this a bug in Wireshark or I didn't do something correctly?
There are a bunch of problems here, one of which is a Wireshark bug, but fixing that bug won't make it possible to capture, it will, at best, tell you what you have to do to fix the other problems, which aren't Wireshark bugs:
- The Ubuntu Wireshark package doesn't indicate that the "non-superusers should be allowed to capture traffic" means "selected non-superusers should be allowed to capture traffic ...
(more)
There are instructions to configure capture for non-elevated users: https://wiki.wireshark.org/CaptureSetup/CapturePrivileges#other-linux-based-systems-or-other-installation-methods.
For most Linux distros, I do three things: