Wireshark mailing list archives

Re: Missing dumpcap when building 3.1.1


From: Guy Harris <guy () alum mit edu>
Date: Fri, 29 Nov 2019 11:17:25 -0800

On Nov 29, 2019, at 6:02 AM, Tom Bentley <t.j.bentley () gmail com> wrote:

I downloaded and built wireshark 3.1.1 from the website. When I run/wireshark the gui appears, but there in the 
"Capture" pane it says "No interfaces found". Furthermore (maybe related, maybe not) I had expected `dumpcap` to be 
in the run directory, but it's missing. So I'm wondering how I managed to mess up the build and what I need to do to 
fix it. 

On what operating system is this?

If it's Windows:

        The "You have to build all projects in Visual Studio" part of Roland Knall's first answer might apply, as might 
the "or on the console" part, although you'd have to use msbuild rather than make.

If it's a UN*X of some sort:

        A top-level "make" or "ninja" from the command line should have built everything; you should not have needed to 
build dumpcap separately, as Dario Lombardo said in his answer.

        And, once you've built dumpcap, you may have to set it up to run with special privileges, as per Roland Knall's 
second answer.  If you're going to *install* Wireshark, there's a CMake option DUMPCAP_INSTALL_OPTION that can be set 
to:

                "normal" - this means it gets no special privileges, which won't work on your OS, as you've found;

                "suid" - this means it will be installed set-UID root, which should be sufficient on all platforms;

                "capabilities" - this is Linux-only, and should be sufficient to capture on network interfaces, but not 
on, for example, USB buses.

        "capabilities" is safer than "suid", as it grants fewer capabilities, but 1) it's available only on Linux and 
2) isn't sufficient for some devices such as USB buses (you can still capture on USB *network adapters*, but you can't 
capture raw USB traffic if you're trying to analyze that rather than network traffic).

        If you install "suid", you might want to limit the executability of dumpcap to users in a particular group, so 
not everybody can run the set-UID dumpcap.  If so, you need to set another CMake option, DUMPCAP_INSTALL_GROUP, to the 
name of that group - the default is a group named "wireshark".  Only users in that group will be able to run dumpcap 
and thus only users in that group will be able to capture traffic with Wireshark.

        However, that's done as part of the installation process; if you want to run Wireshark from the build 
directory, you'll have to set the permissions etc. on dumpcap yourself, as per the page linked to by Roland Knall's 
second answer - and change the paths for dumpcap to the path to the dumpcap in the build directory.
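
An added example, not part of the original message and not Wireshark's own code: a shell check that reports which of the three install modes described above ("normal", "suid", "capabilities") a given dumpcap binary matches, and whether a set-UID copy is restricted to a group. It assumes GNU stat and libcap's getcap; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: audit how a dumpcap binary is privileged.

# classify_dumpcap MODE OWNER CAPS
#   MODE  - octal permissions as printed by `stat -c %a` (3 or 4 digits)
#   OWNER - owning user name
#   CAPS  - capability string from `getcap FILE`, empty if none
classify_dumpcap() {
    mode=$1; owner=$2; caps=$3
    # Pad 3-digit modes so the special-bits digit is always present.
    case ${#mode} in 3) mode=0$mode ;; esac
    special=${mode%???}     # first digit: 4 = set-UID, 2 = set-GID, 1 = sticky
    other=${mode#???}       # last digit: permissions for "other"
    suid=no
    case $special in 4|5|6|7) suid=yes ;; esac
    world_x=no
    case $other in 1|3|5|7) world_x=yes ;; esac

    # Set-UID only matters for capture when the owner is root; a set-UID
    # binary owned by another user falls through to the checks below.
    if [ "$suid" = yes ] && [ "$owner" = root ]; then
        if [ "$world_x" = yes ]; then
            echo "suid-root, world-executable: any local user can capture"
        else
            echo "suid-root, group-restricted"
        fi
    elif [ -n "$caps" ]; then
        echo "file capabilities: $caps"
    else
        echo "normal: no special privileges"
    fi
}

# audit_dumpcap PATH - collect the facts from a real file and classify it.
audit_dumpcap() {
    f=$1
    [ -f "$f" ] || { echo "not found: $f" >&2; return 1; }
    # getcap prints "PATH CAPS" (older libcap: "PATH = CAPS"); keep CAPS only.
    caps=$(getcap "$f" 2>/dev/null | sed -e 's/^[^ ]* *//' -e 's/^= *//')
    printf '%s (group %s): ' "$f" "$(stat -c %G "$f")"
    classify_dumpcap "$(stat -c %a "$f")" "$(stat -c %U "$f")" "$caps"
}

# Usage (path is an example): audit_dumpcap ./run/dumpcap
```

For a "suid, group-restricted" result, the group printed by audit_dumpcap is the one whose members can capture.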
