Monday, January 10, 2011
Posted in Linux
When you try to start a capture in Wireshark, you may find that no network interfaces are available for capturing. This is because the executable that actually does the capturing (/usr/bin/dumpcap) needs root privileges. Fortunately, I found the solution on the Wireshark wiki (CapturePrivileges), and I made some modifications for security reasons. I am keeping a memo here in case someone needs it someday :-)
$ sudo useradd -U -M -s /bin/false wireshark
$ sudo chgrp wireshark /usr/bin/dumpcap
$ sudo chmod 754 /usr/bin/dumpcap
$ sudo setcap 'CAP_NET_RAW+eip CAP_NET_ADMIN+eip' /usr/bin/dumpcap
$ sudo gpasswd -a [username] wireshark
Log out and log back in so the new group membership takes effect, and you're done!
p.s.
[1]. useradd: -U means "Create a group with the same name as the user, and add the user to this group."
[2]. useradd: -M means "Do not create the user's home directory."
[3]. useradd: -s /bin/false means "Do not give the user a login shell."
[4]. chgrp: Change the group of each FILE to GROUP.
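A check for the setup above, as an added example that is not part of the original post: it reports which step is missing, including the case where the group was added but the current session predates it, in which dumpcap cannot be executed. The function names and verdict strings are hypothetical, the sample values are constructed, and GNU stat, getcap and id are assumed.

```shell
#!/usr/bin/env bash
# Added example (not from the original post): verify the dumpcap setup.
# diagnose MODE GROUP CAPS SESSION_GROUPS DB_GROUPS
#   MODE            octal mode of dumpcap, e.g. 754      (stat -c %a)
#   GROUP           group owner of dumpcap               (stat -c %G)
#   CAPS            output of getcap on dumpcap
#   SESSION_GROUPS  groups of the running login session  (id -Gn)
#   DB_GROUPS       groups in the account database       (id -Gn USER)
# Prints one verdict; returns 0 only for "ok".
diagnose() {
  local mode=$((0$1)) group=$2 caps=$3 session=" $4 " db=" $5 "
  # chgrp step: the binary must belong to the wireshark group.
  [ "$group" = wireshark ] || { echo wrong-group; return 1; }
  # chmod step: group needs execute, "other" must not have it,
  # otherwise every local user inherits the capture capabilities.
  [ $(( ($mode >> 3) & 1 )) -eq 1 ] || { echo group-cannot-execute; return 1; }
  [ $(( $mode & 1 )) -eq 0 ] || { echo world-executable; return 1; }
  # setcap step: both capabilities must be present on the file.
  case "$caps" in *cap_net_raw*) ;; *) echo missing-capabilities; return 1 ;; esac
  case "$caps" in *cap_net_admin*) ;; *) echo missing-capabilities; return 1 ;; esac
  # gpasswd step, then the re-login: database first, live session second.
  case "$db" in *" wireshark "*) ;; *) echo user-not-in-group; return 1 ;; esac
  case "$session" in *" wireshark "*) ;; *) echo relogin-required; return 1 ;; esac
  echo ok
}

# Collect the live values for a dumpcap path (default /usr/bin/dumpcap).
audit_dumpcap() {
  local bin=${1:-/usr/bin/dumpcap}
  diagnose "$(stat -c %a "$bin")" "$(stat -c %G "$bin")" \
           "$(getcap "$bin")" "$(id -Gn)" "$(id -Gn "$(id -un)")"
}

if [ "${1:-}" = "--audit" ]; then
  audit_dumpcap "${2:-}"
else
  # Constructed sample: every step done, but the session predates gpasswd.
  diagnose 754 wireshark '/usr/bin/dumpcap cap_net_admin,cap_net_raw=eip' \
    'alice adm' 'alice adm wireshark' || true
fi
```

Run it with `--audit` to check the real /usr/bin/dumpcap; without arguments it only evaluates the constructed sample.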
3 comments:
Hey there :) I did all the commands you said, but now I get an error in Wireshark saying "Couldn't run /usr/bin/dumpcap in child process: Permission denied".
It says this when I start it and when I click on the interface list etc. Any ideas of how to fix it?
cheers
jo
Log out and back in, as it says.
Hi there,
This is way too complicated. You should call "dpkg-reconfigure wireshark-common" and answer yes instead, as described here: Ubuntu machine - no interfaces listed