[arch-general] Error in wireshark-gtk2 in show interfaces for capture

Kyle Terrien kyleterrien at gmail.com
Fri Apr 11 13:43:51 EDT 2014


On 04/10/2014 05:04 AM, Maykel Franco wrote:
> Hi, I have installed wireshark-gtk2. But when I go to Capture/Interfaces
> I get this error:
> 
> There are no interfaces on which a capture can be done.
> 
> I followed these steps:
> 
> Setting network privileges for dumpcap
> 
> 1. Ensure your linux kernel and filesystem supports File Capabilities
> and also you have installed necessary tools.
> 
> 2. "setcap 'CAP_NET_RAW+eip CAP_NET_ADMIN+eip' /usr/bin/dumpcap"
> 
> 3. Start Wireshark as non-root and ensure you see the list of
> interfaces and can do live capture.
> 
> Limiting capture permission to only one group
> 
> 1. Create user "wireshark" in group "wireshark".
> 
> 2. "chgrp wireshark /usr/bin/dumpcap"
> 
> 3. chmod 754 /usr/bin/dumpcap
> 
> 4. "setcap 'CAP_NET_RAW+eip CAP_NET_ADMIN+eip' /usr/bin/dumpcap"
> 
> 5. Ensure Wireshark works only from root and from a user in the
> "wireshark" group
> 
> 
> Thanks in advance.
> 

That's strange. This is the same error that appears when running
wireshark as a user not assigned to the wireshark group.

The only configuration I had to do was add myself to the wireshark group
(which wireshark-gtk2 created):

# gpasswd -a kyle wireshark

This is according to the instructions on the wiki [1].

Here is some information on how dumpcap is installed on my box:

> kyle@landru ~ $ ls -la /usr/bin/dumpcap
> -rwxr-xr-- 1 root wireshark 85648 Apr 10 12:45 /usr/bin/dumpcap
> kyle@landru ~ $ getcap /usr/bin/dumpcap
> /usr/bin/dumpcap = cap_net_admin,cap_net_raw+eip
> kyle@landru ~ $ stat /usr/bin/dumpcap
>   File: ‘/usr/bin/dumpcap’
>   Size: 85648     	Blocks: 168        IO Block: 4096   regular file
> Device: 801h/2049d	Inode: 1069550     Links: 1
> Access: (0754/-rwxr-xr--)  Uid: (    0/    root)   Gid: (  150/wireshark)
> Access: 2014-04-11 10:35:22.830667985 -0700
> Modify: 2014-04-10 12:45:35.000000000 -0700
> Change: 2014-04-11 10:35:11.947230948 -0700
>  Birth: -
> kyle@landru ~ $ lsattr /usr/bin/dumpcap
> -------------e-- /usr/bin/dumpcap
> kyle@landru ~ $ pacman -Qo /usr/bin/dumpcap
> /usr/bin/dumpcap is owned by wireshark-gtk2 1.10.6-1
> kyle@landru ~ $

--Kyle

[1]: https://wiki.archlinux.org/index.php/Wireshark
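
An added example (not part of the original message or the wiki): a shell function that turns the facts shown in the reply above (mode 754, group wireshark, cap_net_admin,cap_net_raw+eip) into a verdict, including the case where a user was added with gpasswd but the running session has not picked up the group yet. The function name, the verdict words and the `--live` switch are made up for this example.

```shell
#!/bin/sh
# Added example, not from the thread: why can't this user run dumpcap?
# diagnose MODE FILE_GROUP CAPS SESSION_GROUPS DB_MEMBERS USER
#   MODE            octal permissions of dumpcap       (stat -c %a)
#   FILE_GROUP      group owning dumpcap               (stat -c %G)
#   CAPS            the line printed by getcap, or "" if it prints nothing
#   SESSION_GROUPS  groups of the running session      (id -Gn)
#   DB_MEMBERS      comma-separated configured members (getent group, field 4)
#   USER            the unprivileged user being checked
# Prints one verdict word (names invented for this example).
diagnose() {
    mode=$1 fgroup=$2 caps=$3 session=$4 members=$5 user=$6

    # Both capabilities must be set, with the effective and permitted flags.
    case $caps in *cap_net_admin*) ;; *) echo missing-caps; return 1 ;; esac
    case $caps in *cap_net_raw*)   ;; *) echo missing-caps; return 1 ;; esac
    case ${caps##*[+=]} in *e*p*|*p*e*) ;; *) echo missing-caps; return 1 ;; esac

    # World-executable: group membership is irrelevant.
    if [ $(( 0$mode & 1 )) -eq 1 ]; then echo ok; return 0; fi
    # Otherwise the owning group needs its execute bit (the 5 in 754).
    if [ $(( (0$mode >> 3) & 1 )) -eq 0 ]; then echo group-cannot-exec; return 1; fi

    # The running session must actually carry the group.
    case " $session " in *" $fgroup "*) echo ok; return 0 ;; esac
    # Listed in the group database but not in this session: gpasswd -a was
    # run, but group changes only apply to sessions started afterwards.
    case ",$members," in *",$user,"*) echo relogin-needed; return 1 ;; esac
    echo not-in-group; return 1
}

# Live check against the local system: sh script.sh --live
if [ "${1:-}" = "--live" ]; then
    f=/usr/bin/dumpcap
    grp=$(stat -c %G "$f")
    diagnose "$(stat -c %a "$f")" "$grp" "$(getcap "$f")" "$(id -Gn)" \
        "$(getent group "$grp" | cut -d: -f4)" "$(id -un)"
fi
```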
