Wireshark mailing list archives

Re: Cannot capture traffic on any interfaces after building Wireshark from Git source


From: Jeff Morriss <jeff.morriss.ws () gmail com>
Date: Mon, 25 Sep 2017 14:49:13 -0400

On Sun, Sep 24, 2017 at 2:23 PM, Bryce Thomas <bryce.m.thomas () gmail com>
wrote:

There are numerous questions and answers online about how to successfully
capture packets in Wireshark without root permissions.  Notwithstanding, I
have been unable to find an answer that addresses my particular scenario.

I am building Wireshark from source, on an Ubuntu 17.04 machine.
Specifically, I am building from Git source control, branch `master-2.4`,
commit SHA `bebcaf1379557fa19d8321634c59e8ee6c3c59e8`.  The reason I am
building from version controlled source is that I would ultimately like to
work on a plugin, which will ideally be contributed back to the Wireshark
project.

I have gotten as far as successfully building and running Wireshark.  I can
see a complete list of capture interfaces (wlan0, any, lo, eth0, etc.).
However, when I attempt to capture on any of these interfaces, I get the
following error in a dialog box:

The capture session could not be initiated on interface 'lo' (You don't
have permission to capture on that device).

Please check to make sure you have sufficient permissions, and that you
have the proper interface or pipe specified.

I am building wireshark as follows:


... Which probably makes this question better suited for the -dev list.
But no matter.


```
./autogen.sh
./configure --enable-setcap-install --with-dumpcap-group=wireshark
make
```

Regarding groups & permissions, I already have a `wireshark` group, and my
user belongs to the group:

```
groups | grep wireshark # it's there
groups $USER | grep wireshark # it's there
```

I am configuring the built version of dumpcap as follows:

```
sudo chmod 750 .libs/dumpcap
sudo chgrp wireshark .libs/dumpcap
sudo setcap cap_net_raw,cap_net_admin+eip .libs/dumpcap
```


I have worked like this in the past (except that I just made .libs/dumpcap
setuid-root) and it worked fine.  I'm not sure why it wouldn't work in your
case.

Maybe try making it setuid-root and see if that works?

Or try:

% grep Cap /proc/<dumpcap pid>/status

I think you should see at least one bit set in CapEff.  If you don't then
the capability hasn't taken effect.

ps. FWIW a vast majority of the time while doing dissector development I
work with stored PCAP files.  I'll capture the traffic elsewhere then work
on the dissector until it works for the packets I've captured so far.  So:
no need to do live capture in my development environment.
___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users () wireshark org>
Archives:    https://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-users
             mailto:wireshark-users-request () wireshark org?subject=unsubscribe
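
The CapEff check suggested in the reply above, carried one step further as an added example that is not part of the original message: it decodes the hex mask from `/proc/<dumpcap pid>/status` and reports whether the two capabilities named in the `setcap` command are actually effective. The function names are hypothetical, the sample status text is constructed, and the bit numbers 12 and 13 are assumed from `linux/capability.h`.

```shell
#!/bin/sh
# Added example: decode the CapEff line of a /proc/<pid>/status file.
# Usage against a live process:  capture_caps < /proc/<dumpcap pid>/status

# Capability bit numbers (assumed from linux/capability.h).
CAP_NET_ADMIN=12
CAP_NET_RAW=13

# capeff_of: read status text on stdin, print the CapEff hex mask.
capeff_of() {
    while read -r key val rest; do
        if [ "$key" = "CapEff:" ]; then
            echo "$val"
            return 0
        fi
    done
    return 1
}

# has_cap HEXMASK BIT: succeed if that bit is set in the mask.
has_cap() {
    [ $(( (0x$1 >> $2) & 1 )) -eq 1 ]
}

# capture_caps: read status text on stdin and print which of
# cap_net_raw / cap_net_admin are effective, or "none".
capture_caps() {
    mask=$(capeff_of) || { echo "no CapEff line"; return 2; }
    out=""
    if has_cap "$mask" "$CAP_NET_RAW"; then out="$out cap_net_raw"; fi
    if has_cap "$mask" "$CAP_NET_ADMIN"; then out="$out cap_net_admin"; fi
    out="${out# }"
    echo "${out:-none}"
}

# Constructed sample: a process where both capabilities took effect.
capture_caps <<'EOF'
Name:   dumpcap
CapInh: 0000000000000000
CapPrm: 0000000000003000
CapEff: 0000000000003000
EOF
```

A result of `none` while CapPrm is non-zero means the capabilities are permitted but were never raised into the effective set.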
