Query about monitoring unknown Internet traffic
Petter Adsen
petter at synth.no
Sun Oct 18 16:05:38 UTC 2015
On Sun, 18 Oct 2015 23:54:02 +0800
Bret Busby <bret.busby at gmail.com> wrote:
> On 18/10/2015, Petter Adsen <petter at synth.no> wrote:
> > On Sun, 18 Oct 2015 19:17:43 +1100
> > Karl Auer <kauer at biplane.com.au> wrote:
> >
> >> On Sun, 2015-10-18 at 09:43 +0200, Petter Adsen wrote:
> >> > I just tried to install wireshark on this machine. During the install
> >> > it showed me a dialog that asked me if members of the group 'wireshark'
> >> > should be able to capture packets. Say 'yes' to that dialog, add your
> >> > user to the 'wireshark' group, and log out and back in again so that
> >> > the new group is picked up. That should fix your problem.
> >>
> >> That's interesting. I installed the repo wireshark for Ubuntu 14.04-2
> >> LTS the day I installed the OS, because I use wireshark a fair bit. I
> >> don't recall that question, I have no wireshark group on my system, and
> >> obviously my username is not in that group.
> >
> > This was on 15.04 with wireshark 1.12.1+g01b65bf-4+deb8u3build0.15.04.1
> > - I was pretty certain I got that question on either 14.04 or 14.10
> > also, but as the OP was also running 15.04 it was irrelevant at the
> > moment. The default choice in the dialog was 'no', though.
> >
> >> So I just set up the group, added myself to it, logged out and back in
> >> and I'm now in the wireshark group. But starting wireshark as plain old
> >> me still results in no snoopable interfaces. I still have to run
> >> wireshark as root if I want to capture packets live on an interface.
> >
> > Yes, but as the group wasn't added to the system during the
> > install, /usr/bin/dumpcap wouldn't have been setgid 'wireshark'.
> >
> >> Anyway, this looks like the absolute horse's mouth:
> >>
> >> https://wiki.wireshark.org/CaptureSetup/CapturePrivileges
> >>
> >> I haven't tried their techniques yet though.
> >
> > The dialog also pointed to /usr/share/doc/wireshark/README.Debian,
> > which I assume says about the same thing as that web page. In short, it
> > should give you the choice (again, if you missed it) if you run
> > 'dpkg-reconfigure wireshark-common'. It will then use capabilities, or
> > fall back to a suid binary if capabilities are not available.
> >
>
> Hello.
>
> I ran the command
> sudo dpkg-reconfigure wireshark-common
> and selected the <Yes> option for "Should non-superusers be able to
> capture packets?"
>
> Then, when I ran Wireshark, I got
>
> "
> No interface can be used for capturing in this system with the current
> configuration
> (Couldn't run /usr/bin/dumpcap in child process: Permission denied)
> "

I'll quote the relevant part again:

> Say 'yes' to that dialog, add your
> user to the 'wireshark' group, and log out and back in again so that
> the new group is picked up. That should fix your problem.

Petter
--
"I'm ionized"
"Are you sure?"
"I'm positive."
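
The failure cases discussed in this thread (user not in the 'wireshark' group, group added but session not restarted, dumpcap never handed to the group), as an added read-only diagnostic that is not part of the original message. The function names and verdict strings are made up for this example; it assumes the Debian/Ubuntu layout where /usr/bin/dumpcap is group-owned by 'wireshark' and that getcap is installed.

```shell
#!/bin/sh
# Added example, not from the thread. Read-only: reports, changes nothing.
GRP=wireshark   # group name used by Debian/Ubuntu's wireshark-common

# diagnose BIN_GROUP MODE CAPS DB_GROUPS SESSION_GROUPS -> prints one verdict
# (hypothetical helper; takes plain strings so it can be checked offline)
diagnose() {
    bin_group=$1; mode=$2; caps=$3; db_groups=$4; session_groups=$5
    # 1. Is the user listed in the group at all (group database)?
    case " $db_groups " in *" $GRP "*) ;; *) echo not-in-group; return 1 ;; esac
    # 2. Does the current login session carry the group yet?
    case " $session_groups " in *" $GRP "*) ;; *) echo relogin-needed; return 1 ;; esac
    # 3. Is dumpcap owned by the group, with group execute permission?
    g=${mode%?}; g=${g#"${g%?}"}          # group digit of the octal mode
    case "$bin_group:$g" in
        "$GRP":[1357]) ;;
        *) echo dumpcap-not-group-executable; return 1 ;;
    esac
    # 4. Privilege source: file capabilities, else the setuid fallback.
    case "$caps" in *cap_net_raw*) echo ok-capabilities; return 0 ;; esac
    case "$mode" in [4567]???) echo ok-setuid; return 0 ;; esac
    echo dumpcap-unprivileged; return 1
}

# Gather the real values on this machine and feed them to diagnose().
# If getcap is not on PATH, capabilities are reported as absent.
run_check() {
    bin=${1:-/usr/bin/dumpcap}
    diagnose "$(stat -c %G "$bin")" "$(stat -c %a "$bin")" \
        "$(getcap "$bin" 2>/dev/null)" \
        "$(id -Gn "$(id -un)")" "$(id -Gn)"
}

# Only inspect the system when dumpcap is actually installed.
if [ -e /usr/bin/dumpcap ]; then run_check || true; fi
```

'id -Gn USER' reads the group database while a bare 'id -Gn' reports the groups of the running session, which is why the two can differ until you log out and back in.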