On 04/10/2014 05:04 AM, Maykel Franco wrote:
Hi, I have installed wireshark-gtk2. But when go to Capture/Interfaces I get this error:
There are no interfaces on which a capture can be done.
I follow this steps:
Setting network privileges for dumpcap
- Ensure your linux kernel and filesystem supports File Capabilities
and also you have installed necessary tools.
"setcap 'CAP_NET_RAW+eip CAP_NET_ADMIN+eip' /usr/bin/dumpcap"
Start Wireshark as non-root and ensure you see the list of
interfaces and can do live capture.
Limiting capture permission to only one group
Create user "wireshark" in group "wireshark".
"chgrp wireshark /usr/bin/dumpcap"
chmod 754 /usr/bin/dumpcap
"setcap 'CAP_NET_RAW+eip CAP_NET_ADMIN+eip' /usr/bin/dumpcap"
Ensure Wireshark works only from root and from a user in the
"wireshark" group
Thanks in advanced.
That's strange. This is the same error that appears when running wireshark as a user not assigned to the wireshark group.
The only configuration I had to do was add myself to the wireshark group (which wireshark-gtk2 created):
# gpasswd -a kyle wireshark
This is according to the instructions on the wiki [1].
Here is some information on how dumpcap is installed on my box:
kyle@landru ~ $ ls -la /usr/bin/dumpcap -rwxr-xr-- 1 root wireshark 85648 Apr 10 12:45 /usr/bin/dumpcap kyle@landru ~ $ getcap /usr/bin/dumpcap /usr/bin/dumpcap = cap_net_admin,cap_net_raw+eip kyle@landru ~ $ stat /usr/bin/dumpcap File: ‘/usr/bin/dumpcap’ Size: 85648 Blocks: 168 IO Block: 4096 regular file Device: 801h/2049d Inode: 1069550 Links: 1 Access: (0754/-rwxr-xr--) Uid: ( 0/ root) Gid: ( 150/wireshark) Access: 2014-04-11 10:35:22.830667985 -0700 Modify: 2014-04-10 12:45:35.000000000 -0700 Change: 2014-04-11 10:35:11.947230948 -0700 Birth: - kyle@landru ~ $ lsattr /usr/bin/dumpcap -------------e-- /usr/bin/dumpcap kyle@landru ~ $ pacman -Qo /usr/bin/dumpcap /usr/bin/dumpcap is owned by wireshark-gtk2 1.10.6-1 kyle@landru ~ $
--Kyle