Wireshark mailing list archives
Re: Cannot capture traffic on any interfaces after building Wireshark from Git source
From: Jeff Morriss <jeff.morriss.ws () gmail com>
Date: Mon, 25 Sep 2017 14:49:13 -0400
On Sun, Sep 24, 2017 at 2:23 PM, Bryce Thomas <bryce.m.thomas () gmail com> wrote:
> There are numerous questions and answers online about how to successfully capture packets in Wireshark without root permissions. Notwithstanding, I have been unable to find an answer that addresses my particular scenario.
>
> I am building Wireshark from source, on an Ubuntu 17.04 machine. Specifically, I am building from Git source control, branch `master-2.4`, commit SHA `bebcaf1379557fa19d8321634c59e8ee6c3c59e8`. The reason I am building from version controlled source is that I would ultimately like to work on a plugin, which will ideally be contributed back to the Wireshark project.
>
> I have gotten as far as successfully building and running Wireshark. I can see a complete list of capture interfaces (wlan0, any, lo, eth0, etc.). However, when I attempt to capture on any of these interfaces, I get the following error in a dialog box:
>
> > The capture session could not be initiated on interface 'lo' (You don't have permission to capture on that device). Please check to make sure you have sufficient permissions, and that you have the proper interface or pipe specified.
>
> I am building wireshark as follows:
... Which probably makes this question better suited for the -dev list. But no matter.
> ```
> ./autogen.sh
> ./configure --enable-setcap-install --with-dumpcap-group=wireshark
> make
> ```
>
> Regarding groups & permissions, I already have a `wireshark` group, and my user belongs to the group:
>
> ```
> groups | grep wireshark # it's there
> groups $USER | grep wireshark # it's there
> ```
>
> I am configuring the built version of dumpcap as follows:
>
> ```
> sudo chmod 750 .libs/dumpcap
> sudo chgrp wireshark .libs/dumpcap
> sudo setcap cap_net_raw,cap_net_admin+eip .libs/dumpcap
> ```
I have worked like this in the past (except that I just made .libs/dumpcap setuid-root) and it worked fine. I'm not sure why it wouldn't work in your case. Maybe try making it setuid-root and see if that works? Or try:

% grep Cap /proc/<dumpcap pid>/status

I think you should see at least one bit set in CapEff. If you don't then the capability hasn't taken effect.

ps. FWIW a vast majority of the time while doing dissector development I work with stored PCAP files. I'll capture the traffic elsewhere then work on the dissector until it works for the packets I've captured so far. So: no need to do live capture in my development environment.
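The CapEff check suggested in the reply above, as an added example that is not part of the original thread: it decodes the hex mask from `/proc/<dumpcap pid>/status` and reports whether the two capabilities granted by the `setcap` command are actually effective. The function names and sample status lines are constructed for illustration; the bit numbers (12 and 13) are taken from `linux/capability.h`.

```shell
#!/bin/sh
# Added example: decode CapEff for a running dumpcap.
# Bit positions from linux/capability.h (assumed stable kernel ABI).
CAP_NET_ADMIN=12
CAP_NET_RAW=13

# Read /proc/<pid>/status text on stdin, print the CapEff hex mask.
cap_eff_from_status() {
    awk '$1 == "CapEff:" { print $2; exit }'
}

# has_cap HEXMASK BIT -> exit status 0 if that capability bit is set.
has_cap() {
    [ $(( (0x$1 >> $2) & 1 )) -eq 1 ]
}

# Read status text on stdin; print "ok" or the capabilities that are missing.
check_capture_caps() {
    eff=$(cap_eff_from_status)
    [ -n "$eff" ] || { echo "no CapEff line"; return 2; }
    missing=""
    has_cap "$eff" "$CAP_NET_RAW"   || missing="$missing cap_net_raw"
    has_cap "$eff" "$CAP_NET_ADMIN" || missing="$missing cap_net_admin"
    if [ -z "$missing" ]; then echo "ok"; return 0; fi
    echo "missing:$missing"
    return 1
}

# Constructed samples (not real output): a dumpcap process with the
# file capabilities in effect, and one where they did not take effect.
SAMPLE_WITH_CAPS='CapInh:	0000000000000000
CapPrm:	0000000000003000
CapEff:	0000000000003000'
SAMPLE_NO_CAPS='CapInh:	0000000000000000
CapPrm:	0000000000000000
CapEff:	0000000000000000'

printf '%s\n' "$SAMPLE_WITH_CAPS" | check_capture_caps || true
printf '%s\n' "$SAMPLE_NO_CAPS"   | check_capture_caps || true

# Against a live process (while a capture attempt is running):
#   check_capture_caps < "/proc/$(pidof dumpcap)/status"
```

A mask of `0000000000003000` is exactly `cap_net_raw` plus `cap_net_admin`; an all-zero CapEff means the file capabilities were not applied to the process that was actually executed.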