Query about monitoring unknown Internet traffic

Bret Busby bret.busby at gmail.com
Sun Oct 18 15:54:02 UTC 2015

On 18/10/2015, Petter Adsen <petter at synth.no> wrote:
> On Sun, 18 Oct 2015 19:17:43 +1100
> Karl Auer <kauer at biplane.com.au> wrote:
>> On Sun, 2015-10-18 at 09:43 +0200, Petter Adsen wrote:
>> > I just tried to install wireshark on this machine. During the install
>> > it showed me a dialog that asked me if members of the group 'wireshark'
>> > should be able to capture packets. Say 'yes' to that dialog, add your
>> > user to the 'wireshark' group, and log out and back in again so that
>> > the new group is picked up. That should fix your problem.
>> That's interesting. I installed the repo wireshark for Ubunti 14.04-2
>> LTS the day I installed the OS, because I use wireshark a fair bit. I
>> don't recall that question, I have no wireshark group on my system, and
>> obviously my username is not in that group.
> This was on 15.04 with wireshark 1.12.1+g01b65bf-4+deb8u3build0.15.04.1
> - I was pretty certain I got that question on either 14.04 or 14.10
> also, but as the OP was also running 15.04 it was irrelevant at the
> moment. The default choice in the dialog was 'no', though.
>> So I just set up the group, added myself to it, logged out and back in
>> and I'm now in the wireshark group. But starting wireshark as plain old
>> me still results in no snoopable interfaces. I still have to run
>> wireshark as root if I want to capture packets live on an interface.
> Yes, but as the group wasn't added to the system during the
> install, /usr/bin/dumpcap wouldn't have been setgid 'wireshark'.
>> Anyway, this looks like the absolute horses mouth:
>>    https://wiki.wireshark.org/CaptureSetup/CapturePrivileges
>> I haven't tried their techniques yet though.
> The dialog also pointed to /usr/share/doc/wireshark/README.Debian,
> which I assume say about the same thing as that web page. In short, it
> should give you the choice (again, if you missed it) if you run
> 'dpkg-reconfigure wireshark-common'. It will then use capabilities, or
> fall back to a suid binary if capabilities are not available.


I ran the command
sudo dpkg-reconfigure wireshark-common
and selected the <Yes> option for "Should non-superusers be able to
capture packets?"

Then, when I ran Wireshark, I got

No interface can be used for capturing in this system with the current
(Couldn't run /usr/bin/dumpcap in child p[rocess: Permission denied)

So, I still can't get it to work.

Bret Busby
West Australia

"So once you do know what the question actually is,
 you'll know what the answer means."
- Deep Thought,
 Chapter 28 of Book 1 of
 "The Hitchhiker's Guide to the Galaxy:
 A Trilogy In Four Parts",
 written by Douglas Adams,
 published by Pan Books, 1992


More information about the ubuntu-users mailing list