2014-04-11 19:43 GMT+02:00 Kyle Terrien <kyleterrien@xxxxxxxxx>:
> On 04/10/2014 05:04 AM, Maykel Franco wrote:
>> Hi, I have installed wireshark-gtk2. But when I go to Capture/Interfaces
>> I get this error:
>>
>> There are no interfaces on which a capture can be done.
>>
>> I followed these steps:
>>
>> Setting network privileges for dumpcap
>>
>> 1. Ensure your Linux kernel and filesystem support File Capabilities
>> and also you have installed necessary tools.
>>
>> 2. "setcap 'CAP_NET_RAW+eip CAP_NET_ADMIN+eip' /usr/bin/dumpcap"
>>
>> 3. Start Wireshark as non-root and ensure you see the list of
>> interfaces and can do live capture.
>>
>> Limiting capture permission to only one group
>>
>> 1. Create user "wireshark" in group "wireshark".
>>
>> 2. "chgrp wireshark /usr/bin/dumpcap"
>>
>> 3. chmod 754 /usr/bin/dumpcap
>>
>> 4. "setcap 'CAP_NET_RAW+eip CAP_NET_ADMIN+eip' /usr/bin/dumpcap"
>>
>> 5. Ensure Wireshark works only from root and from a user in the
>> "wireshark" group
>>
>>
>> Thanks in advance.
>>
>
> That's strange. This is the same error that appears when running
> wireshark as a user not assigned to the wireshark group.
>
> The only configuration I had to do was add myself to the wireshark group
> (which wireshark-gtk2 created):
>
> # gpasswd -a kyle wireshark
>
> This is according to the instructions on the wiki [1].
>
> Here is some information on how dumpcap is installed on my box:
>
>> kyle@landru ~ $ ls -la /usr/bin/dumpcap
>> -rwxr-xr-- 1 root wireshark 85648 Apr 10 12:45 /usr/bin/dumpcap
>> kyle@landru ~ $ getcap /usr/bin/dumpcap
>> /usr/bin/dumpcap = cap_net_admin,cap_net_raw+eip
>> kyle@landru ~ $ stat /usr/bin/dumpcap
>> File: ‘/usr/bin/dumpcap’
>> Size: 85648 Blocks: 168 IO Block: 4096 regular file
>> Device: 801h/2049d Inode: 1069550 Links: 1
>> Access: (0754/-rwxr-xr--) Uid: ( 0/ root) Gid: ( 150/wireshark)
>> Access: 2014-04-11 10:35:22.830667985 -0700
>> Modify: 2014-04-10 12:45:35.000000000 -0700
>> Change: 2014-04-11 10:35:11.947230948 -0700
>> Birth: -
>> kyle@landru ~ $ lsattr /usr/bin/dumpcap
>> -------------e-- /usr/bin/dumpcap
>> kyle@landru ~ $ pacman -Qo /usr/bin/dumpcap
>> /usr/bin/dumpcap is owned by wireshark-gtk2 1.10.6-1
>> kyle@landru ~ $
>
> --Kyle
>
> [1]: https://wiki.archlinux.org/index.php/Wireshark
>

After rebooting the Arch Linux system, Wireshark shows the interfaces.
Thanks for everything.
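
The checks from this thread as a shell script, added here as an example and not part of the original messages: it classifies a dumpcap setup from its mode, owning group and capabilities, and separates "not in the group" from "in the group, but the session predates the change" (a new group membership only applies to sessions started afterwards). The function names, verdict words and sample group lists are assumptions made for the example.

```shell
#!/bin/sh
# Added example (not from the thread): classify why a non-root user may get
# "There are no interfaces on which a capture can be done".

# has_word LIST WORD: succeed if WORD is in the space-separated LIST.
has_word() {
    case " $1 " in *" $2 "*) return 0 ;; esac
    return 1
}

# check_dumpcap MODE GROUP CAPS SESSION_GROUPS DB_GROUPS
# Prints one verdict word; inputs are plain strings so it can run offline.
check_dumpcap() {
    mode=$1 group=$2 caps=$3 session=$4 db=$5
    last2=${mode#"${mode%??}"}      # "754" or "0754" -> "54"
    g=${last2%?} o=${last2#?}       # group digit, other digit
    case $caps in
        *cap_net_raw*) ;;
        *) echo missing-capabilities; return 0 ;;
    esac
    case $caps in
        *cap_net_admin*) ;;
        *) echo missing-capabilities; return 0 ;;
    esac
    if [ $(($o % 2)) -eq 1 ]; then
        echo world-executable       # capture is not limited to the group
    elif [ $(($g % 2)) -eq 0 ]; then
        echo group-cannot-execute   # group members cannot run dumpcap
    elif ! has_word "$db" "$group"; then
        echo not-in-group           # fix: gpasswd -a USER GROUP
    elif ! has_word "$session" "$group"; then
        echo stale-session          # fix: log out and back in
    else
        echo ok
    fi
}

# check_live [PATH]: gather the real values (GNU stat, libcap getcap).
# id -Gn reads the running session; id -Gn USER reads the group database.
check_live() {
    f=${1:-/usr/bin/dumpcap}
    check_dumpcap "$(stat -c %a "$f")" "$(stat -c %G "$f")" "$(getcap "$f")" \
        "$(id -Gn)" "$(id -Gn "$(id -un)")"
}

# Mode, group and capabilities as in Kyle's output; group lists are constructed.
check_dumpcap 754 wireshark \
    '/usr/bin/dumpcap = cap_net_admin,cap_net_raw+eip' \
    'kyle users' 'kyle users wireshark'
```

Run `check_live` on the affected machine as the user who sees the error; a `stale-session` verdict means the group was added after the current login.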