
I've tried the procedures listed in the CaptureSetup/CapturePrivileges, and the Debian specific file, but still see no interfaces. I saw an earlier post referring to bpf* file permissions, but this appears to only be relevant to Mac OS X users. I'm running Ubuntu 10.04 LTS. Any ideas?

asked 20 Nov '11, 18:13

mrcpuhead

Hope I'm not stating the obvious here...? Wireshark will only see interfaces that are actually active; are they? Use 'ifconfig' on the prompt to see, use 'ifconfig eth0 up' to activate, then check Wireshark again.

(21 Nov '11, 02:55) Marc

Yes, the eth0 interface is quite active!

(21 Nov '11, 04:11) mrcpuhead

I had the same problem. I couldn't figure out the specific files/devices that needed permissions in Ubuntu, so I resorted to:

$ sudo wireshark

I didn't mind running as root since I was in a VM.

(21 Nov '11, 04:59) bstn

Sorry, had to ask :-) 2nd obvious thing then would be to see if it would run under sudo..

(21 Nov '11, 05:00) Marc

While this might work (and is fine inside a VM), it should generally be avoided. The http://wiki.wireshark.org/CaptureSetup/CapturePrivileges article lays out what needs to be done, and file:///usr/share/doc/wireshark-common/README.Debian is the relevant document in this case.

(21 Nov '11, 05:57) multipleinte...

Haven't tried sudo yet - I'm willing to bet it'll work - just didn't want to run wireshark that way if I didn't have to.

(21 Nov '11, 09:24) mrcpuhead

As I mentioned in my orig post, I went to the aforementioned pages, and did what they said, with no luck. The problem is that the README.Debian page doesn't really give the needed steps, it only states in general what you need to do. I'm comfortable enough with Linux to run through most any procedure. This one simply didn't work. I even tried the "Other linux based..." steps: I verified wireshark group membership, group ownership of the dumpcap file, and the setcap command. No joy!

(21 Nov '11, 09:41) mrcpuhead
  1. Did you install Wireshark via a package (apt-get install wireshark or similar) or from source?
  2. What are the user and group ownership and file permissions of /usr/bin/dumpcap (as provided by ls -l /usr/bin/dumpcap)?
  3. Did the setcap command result in any error output?
  4. What command do you execute to launch wireshark (if you use a launcher, what command does it execute)? If it is just wireshark, what is the output of file $(which wireshark)?

Edit: Also, have you verified group membership in wireshark, and logged out and back in at least once?

(21 Nov '11, 11:15) multipleinte...

For all you non-Linux people like me: I just copied the icon to the desktop, then right-clicked and opened as root. This opened the containing folder and I launched it (double-clicked) from there. Wireshark then prompted me it was running as root. I may become a Linux user yet.

(27 Mar '13, 08:11) dskaiser

As per the comment by @helloworld above, running Wireshark as root is not a good idea. Wireshark contains millions of lines of code and the potential for exploitation is considerable.

Was there something deficient in the instructions in the accepted answer by @helloworld?

(27 Mar '13, 09:17) grahamb ♦

EDIT: The instructions from README.Debian actually do work (except it's missing the step that tells you to log out and then back in). The dpkg-reconfigure command creates the wireshark group (so you don't need to), but then you need to add your user to the group, and re-login.

These commands work for me with Wireshark 1.6.2 on Ubuntu Server 11.10 (64-bit):

$ sudo apt-get install wireshark
$ sudo dpkg-reconfigure wireshark-common 
$ sudo usermod -a -G wireshark $USER
$ sudo reboot

Instead of rebooting, you can log out with this command:

  • Ubuntu Desktop:
    $ gnome-session-quit --logout --no-prompt
  • Ubuntu Server:
    $ pkill -KILL -u $USER 

or simply (if you're already at the login shell):

$ exit

If the solution above still fails on your system, an alternative is to set the setuid bit for dumpcap (which lets dumpcap run effectively as the owner of the file, which is root in this case):

$ sudo chmod 4711 `which dumpcap`

(FYI: There's an open ticket for this "security vulnerability", but no one seems to have done anything about it since it was reported JAN-2010.)


answered 21 Nov '11, 15:20

helloworld

edited 16 Dec '11, 07:47


helloworld - that last command (sudo chmod 4711 'which dumpcap') did the trick - Thanks!

(22 Nov '11, 19:19) mrcpuhead

It really works for me too!!! great boss!!!

(27 Apr '12, 23:39) kuldip

If you don't want to kill your GNOME session process, you can run Wireshark from the command line using newgrp to get the new group privileges:

newgrp wireshark
(wireshark &)

The parentheses and ampersand will run the process in the background, detached from the shell process, so you can log out from the terminal without losing Wireshark.

(31 Jul '12, 19:41) D_Bezborodov

possibly, sudo chmod 4711 'sudo which dumpcap'. which dumpcap returned nothing when executed as myself.

(20 May '14, 10:51) xtofl

Only did sudo chmod 4711 'which dumpcap', and interfaces appeared.

(06 Jan '15, 06:47) oori

TONY; Thank you sir!! WORKED Perfectly... "sudo chmod 4711 which dumpcap" & Of Course returned "nothing" (AHEM!) as permissions were only being changed, hence no dialog should be expected after command entered. Thank you again "helloworld" {Tony}!
... (Linux Mint; via "official" .deb ~ April 19th 2016) THANK You sir!

(09 May '16, 19:08) krstep2

Complete solution found at http://cmc.site11.com/?p=2165

sudo addgroup -system wireshark
sudo chown root:wireshark /usr/bin/dumpcap
sudo setcap cap_net_raw,cap_net_admin=eip /usr/bin/dumpcap
sudo usermod -a -G wireshark YOUR_USER_NAME

Then just start Wireshark and select the network interface. It worked for me on 10.04 LTS.


answered 04 Apr '12, 11:41

kyphos

Bravo!!! These commands work fine in my Ubuntu 12.04 LTS, thanks..

(13 Jan '13, 11:13) dipesh

Yes It's Working

(31 Jan '13, 02:45) Rajitha

Did this as it seemed quicker than the other methods - seems to be working :)

(15 Mar '14, 09:40) alexgmcm

On my Ubuntu 13.10 and Wireshark Version 1.10.2 (SVN Rev 51934 from /trunk-1.10) works perfect!!!!

(22 May '14, 10:05) nicksat

Worked perfectly for me on Xubuntu 14.04. Well done and thank you.

(12 Jun '14, 19:35) funklebits

It works for me, using Ubuntu 14.04. Thank you buddy. @kyphos

(30 Jul '14, 09:31) gamer_h2so4

Thanks, perfect, Raspberry Pi, RPi

(24 Feb '15, 03:59) Diez66

Yep, worked for me too!

(10 Apr '15, 15:14) herogee

CAN I GET SOME HELP? What do i do with the sudo? where would i add them?

(13 Oct '16, 12:54) JKeaney

You don't add them anywhere. You run these commands just once, in the order given. sudo allows you to execute commands as superuser although you're not logged in as such.

What you actually do is:

sudo addgroup -system wireshark - you add a new group of users called wireshark

sudo chown root:wireshark /usr/bin/dumpcap - you make user root and group wireshark the owners of /usr/bin/dumpcap which is the binary which actually does the capture. With this setting, any member of the group wireshark can start the binary

sudo setcap cap_net_raw,cap_net_admin=eip /usr/bin/dumpcap - allow the binary to access the interfaces and capture on them

sudo usermod -a -G wireshark YOUR_USER_NAME - you make Mr. YOUR_USER_NAME also a member of the group wireshark (also because he remains a member of his original group), so if that user runs Wireshark, that instance of Wireshark can start dumpcap.

(13 Oct '16, 13:26) sindy

sudo groupadd wireshark
sudo usermod -a -G wireshark $USER
sudo chgrp wireshark /usr/bin/dumpcap
sudo setcap cap_net_raw,cap_net_admin=eip /usr/bin/dumpcap

answered 10 Feb '14, 04:16

adamali

edited 24 Feb '15, 04:05

grahamb ♦

Thanks Graham, it works now!!!!

(01 Jul '15, 00:43) paysan
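
An audit sketch for the approaches in the answers above (setuid via chmod 4711, setcap with a wireshark group, and the re-login step), added here as an example; it is not part of the original thread or of Wireshark. The function names and verdict strings are this example's own, and it assumes GNU stat and libcap's getcap.

```shell
#!/bin/sh
# Added example: audit how dumpcap was given capture privileges.
# Verdict names are this example's own. Inputs mirror `stat -c '%a %U %G'`
# and `getcap`, so the logic can be checked on constructed values.

# classify_dumpcap MODE OWNER CAPS -> who can capture through this binary
classify_dumpcap() {
    mode=$1; owner=$2; caps=$3
    while [ "${#mode}" -lt 4 ]; do mode=0$mode; done   # 755 -> 0755
    special=${mode%???}; other=${mode#???}
    privileged=no; world_exec=no
    case $caps in *cap_net_raw*) privileged=caps ;; esac
    case $special in [4567])                           # setuid bit is set
        if [ "$owner" = root ]; then privileged=setuid-root; fi ;;
    esac
    case $other in [1357]) world_exec=yes ;; esac      # o+x
    if [ "$privileged" = no ]; then echo root-only     # binary adds no privilege
    elif [ "$world_exec" = yes ]; then echo "$privileged:any-local-user"
    else echo "$privileged:restricted"                 # no o+x: mode bits gate access
    fi
}

# group_state GROUP "SESSION_GROUPS" "DATABASE_GROUPS"
# usermod changes the database; a running session keeps its old group list.
group_state() {
    case " $2 " in *" $1 "*) echo active; return ;; esac
    case " $3 " in *" $1 "*) echo needs-relogin; return ;; esac
    echo not-a-member
}

# audit_dumpcap [PATH]: collect the real values and print both verdicts.
audit_dumpcap() {
    bin=${1:-$(command -v dumpcap || true)}
    if [ -z "$bin" ] || [ ! -e "$bin" ]; then echo "dumpcap not found"; return 2; fi
    set -- "$bin" $(stat -c '%a %U %G' "$bin")
    caps=$(getcap "$1" 2>/dev/null || true)
    echo "$1 mode=$2 owner=$3 group=$4 caps=${caps:-none}"
    echo "access: $(classify_dumpcap "$2" "$3" "$caps")"
    echo "membership: $(group_state "$4" "$(id -nG)" "$(id -nG "$(id -un)")")"
}

# Audit only when a path is passed, e.g.: sh audit.sh /usr/bin/dumpcap
if [ "$#" -gt 0 ]; then audit_dumpcap "$1"; fi
```

A dumpcap left world-executable (for example mode 755 with capabilities, or 4711) reports any-local-user, meaning the wireshark group does not limit who can capture; removing execute permission for others (for example mode 750) is what makes group membership matter.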
question asked: 20 Nov '11, 18:13

question was seen: 216,259 times

last updated: 13 Oct '16, 13:26
