[arch-general] Error in wireshark-gtk2 in show interfaces for capture

Maykel Franco maykeldebian at gmail.com
Tue Apr 29 11:13:41 EDT 2014


2014-04-11 19:43 GMT+02:00 Kyle Terrien <kyleterrien at gmail.com>:
> On 04/10/2014 05:04 AM, Maykel Franco wrote:
>> Hi, I have installed wireshark-gtk2. But when I go to Capture/Interfaces
>> I get this error:
>>
>> There are no interfaces on which a capture can be done.
>>
>> I followed these steps:
>>
>> Setting network privileges for dumpcap
>>
>> 1. Ensure your Linux kernel and filesystem support File Capabilities
>> and also you have installed necessary tools.
>>
>> 2. "setcap 'CAP_NET_RAW+eip CAP_NET_ADMIN+eip' /usr/bin/dumpcap"
>>
>> 3. Start Wireshark as non-root and ensure you see the list of
>> interfaces and can do live capture.
>>
>> Limiting capture permission to only one group
>>
>> 1. Create user "wireshark" in group "wireshark".
>>
>> 2. "chgrp wireshark /usr/bin/dumpcap"
>>
>> 3. chmod 754 /usr/bin/dumpcap
>>
>> 4. "setcap 'CAP_NET_RAW+eip CAP_NET_ADMIN+eip' /usr/bin/dumpcap"
>>
>> 5. Ensure Wireshark works only from root and from a user in the
>> "wireshark" group
>>
>>
>> Thanks in advance.
>>
>
> That's strange. This is the same error that appears when running
> wireshark as a user not assigned to the wireshark group.
>
> The only configuration I had to do was add myself to the wireshark group
> (which wireshark-gtk2 created):
>
> # gpasswd -a kyle wireshark
>
> This is according to the instructions on the wiki [1].
>
> Here is some information on how dumpcap is installed on my box:
>
>> kyle at landru ~ $ ls -la /usr/bin/dumpcap
>> -rwxr-xr-- 1 root wireshark 85648 Apr 10 12:45 /usr/bin/dumpcap
>> kyle at landru ~ $ getcap /usr/bin/dumpcap
>> /usr/bin/dumpcap = cap_net_admin,cap_net_raw+eip
>> kyle at landru ~ $ stat /usr/bin/dumpcap
>>   File: ‘/usr/bin/dumpcap’
>>   Size: 85648         Blocks: 168        IO Block: 4096   regular file
>> Device: 801h/2049d    Inode: 1069550     Links: 1
>> Access: (0754/-rwxr-xr--)  Uid: (    0/    root)   Gid: (  150/wireshark)
>> Access: 2014-04-11 10:35:22.830667985 -0700
>> Modify: 2014-04-10 12:45:35.000000000 -0700
>> Change: 2014-04-11 10:35:11.947230948 -0700
>>  Birth: -
>> kyle at landru ~ $ lsattr /usr/bin/dumpcap
>> -------------e-- /usr/bin/dumpcap
>> kyle at landru ~ $ pacman -Qo /usr/bin/dumpcap
>> /usr/bin/dumpcap is owned by wireshark-gtk2 1.10.6-1
>> kyle at landru ~ $
>
> --Kyle
>
> [1]: https://wiki.archlinux.org/index.php/Wireshark
>

After rebooting the Arch Linux system, Wireshark shows the interfaces.

Thanks for all.
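
A check for the dumpcap setup discussed in this thread, as an added example that is not part of the original messages: it classifies the file mode, group, capabilities and group membership into one diagnosis. The function names are hypothetical, `audit_live` assumes GNU `stat` and `getcap`, and the `relogin-needed` case rests on the assumption that a group added with `gpasswd` is only picked up by new login sessions, which the thread itself does not state as the cause.

```shell
#!/bin/sh
# Added example: audit the dumpcap setup from the thread. Function names are
# hypothetical; inputs are plain strings so the logic runs on constructed data.

has_word() {  # has_word WORD "space separated list"
    for w in $2; do [ "$w" = "$1" ] && return 0; done
    return 1
}

caps_ok() {  # accepts old ("= caps+eip") and new ("caps=eip") getcap output
    case "$1" in *cap_net_admin*) ;; *) return 1 ;; esac
    case "$1" in *cap_net_raw*) ;; *) return 1 ;; esac
    case "$1" in *[+=]eip*|*[+=]ep*) return 0 ;; esac
    return 1
}

# diagnose MODE GROUP GETCAP_OUTPUT SESSION_GROUPS DATABASE_GROUPS
diagnose() {
    mode=$1; other=${mode#"${mode%?}"}          # last octal digit: "other"
    rest=${mode%?}; grp=${rest#"${rest%?}"}     # second to last: "group"
    [ "$2" = wireshark ] || { echo wrong-group; return; }
    # Other-execute would let any user run the capability-bearing binary.
    [ $((${other} % 2)) -eq 0 ] || { echo world-executable; return; }
    [ $((${grp} % 2)) -eq 1 ] || { echo group-cannot-execute; return; }
    caps_ok "$3" || { echo missing-caps; return; }
    has_word wireshark "$5" || { echo not-in-group; return; }
    # Assumption: groups added with gpasswd reach only new login sessions.
    has_word wireshark "$4" || { echo relogin-needed; return; }
    echo ok
}

audit_live() {  # gather the same facts from the running system
    bin=${1:-/usr/bin/dumpcap}
    # id -Gn: groups of this session; id -Gn USER: groups from the database
    diagnose "$(stat -c %a "$bin")" "$(stat -c %G "$bin")" \
        "$(getcap "$bin")" "$(id -Gn)" "$(id -Gn "$(id -un)")"
}

if [ "${1:-}" = --live ]; then audit_live "${2:-}"; fi
```

Run it with `--live` as the affected user to audit the installed `/usr/bin/dumpcap`; without arguments it only defines the functions.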

