On 04/10/2014 05:04 AM, Maykel Franco wrote:
Hi, I have installed wireshark-gtk2. But when go to Capture/Interfaces I get this error:
There are no interfaces on which a capture can be done.
I follow this steps:
Setting network privileges for dumpcap
1. Ensure your linux kernel and filesystem supports File Capabilities and also you have installed necessary tools.
2. "setcap 'CAP_NET_RAW+eip CAP_NET_ADMIN+eip' /usr/bin/dumpcap"
3. Start Wireshark as non-root and ensure you see the list of interfaces and can do live capture.
Limiting capture permission to only one group
1. Create user "wireshark" in group "wireshark".
2. "chgrp wireshark /usr/bin/dumpcap"
3. chmod 754 /usr/bin/dumpcap
4. "setcap 'CAP_NET_RAW+eip CAP_NET_ADMIN+eip' /usr/bin/dumpcap"
5. Ensure Wireshark works only from root and from a user in the "wireshark" group
Thanks in advanced.
That's strange. This is the same error that appears when running wireshark as a user not assigned to the wireshark group. The only configuration I had to do was add myself to the wireshark group (which wireshark-gtk2 created): # gpasswd -a kyle wireshark This is according to the instructions on the wiki [1]. Here is some information on how dumpcap is installed on my box:
kyle@landru ~ $ ls -la /usr/bin/dumpcap -rwxr-xr-- 1 root wireshark 85648 Apr 10 12:45 /usr/bin/dumpcap kyle@landru ~ $ getcap /usr/bin/dumpcap /usr/bin/dumpcap = cap_net_admin,cap_net_raw+eip kyle@landru ~ $ stat /usr/bin/dumpcap File: ‘/usr/bin/dumpcap’ Size: 85648 Blocks: 168 IO Block: 4096 regular file Device: 801h/2049d Inode: 1069550 Links: 1 Access: (0754/-rwxr-xr--) Uid: ( 0/ root) Gid: ( 150/wireshark) Access: 2014-04-11 10:35:22.830667985 -0700 Modify: 2014-04-10 12:45:35.000000000 -0700 Change: 2014-04-11 10:35:11.947230948 -0700 Birth: - kyle@landru ~ $ lsattr /usr/bin/dumpcap -------------e-- /usr/bin/dumpcap kyle@landru ~ $ pacman -Qo /usr/bin/dumpcap /usr/bin/dumpcap is owned by wireshark-gtk2 1.10.6-1 kyle@landru ~ $
--Kyle [1]: https://wiki.archlinux.org/index.php/Wireshark