Wireshark-dev: [Wireshark-dev] Re: help - after building the Wireshark 4.5 cannot capture packe

From: Jaap Keuter <jaap.keuter@xxxxxxxxx>
Date: Sun, 2 Feb 2025 18:13:10 +0100

Hi yeah, you’re at the right place. Figuring out permission issues is hard when you’re not at the system itself.

My first thing would be to look for remnants of previous installations still lingering and being picked up.



On 2 Feb 2025, at 15:51, Mayank <mayankbhaskar007@xxxxxxxxx> wrote:

In addition to the above, I couldn't save the captured file in a custom location when I run on `sudo` from './run/wireshark'.

Folks, could you confirm that I am writing this query on the `wireshark-dev@xxxxxxxxxxxxx` email group which is the correct place for this type of debugging? 

On Thu, 30 Jan 2025 at 23:21, Mayank <mayankbhaskar007@xxxxxxxxx> wrote:
Fellow Devs,

After building Wireshark 4.5 via 'make' and running it via './run/wireshark' on Ubuntu 22.05 LTS, I cannot capture packets unless I am logged in as superuser. I get the standard error message after starting a Wireshark capture on my USB UE200 to RJ45 adapter:

** (wireshark:7239) 22:39:55.600958 [Capture MESSAGE] -- Capture Start ...
 ** (wireshark:7239) 22:39:55.656119 [Capture MESSAGE] -- Error message from child: "You do not have permission to capture on device "enx503eaa96213f".
(socket: Operation not permitted)", "Please check to make sure you have sufficient permissions.

On Debian and Debian derivatives such as Ubuntu, if you have installed Wireshark from a package, try running

    sudo dpkg-reconfigure wireshark-common

selecting "<Yes>" in response to the question

    Should non-superusers be able to capture packets?

adding yourself to the "wireshark" group by running

    sudo usermod -a -G wireshark {your username}

and then logging out and logging back in again.

If you did not install Wireshark from a package, ensure that Dumpcap has the needed CAP_NET_RAW and CAP_NET_ADMIN capabilities by running

    sudo setcap cap_net_raw,cap_net_admin=ep {path/to/}dumpcap

and then restarting Wireshark.

I referred to https://gitlab.com/wireshark/wireshark/-/issues/20009, but that post was of little help.

getcap ./dumpcap returned 
./dumpcap cap_net_admin,cap_net_raw=ep

Any recommendations?

Thanks,
Mayank Bhaskar
Independent Machine Learning Consultant
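
The checks raised in this thread (leftover copies of dumpcap, the capabilities reported by `getcap`, membership of the "wireshark" group) combined into one audit script. This is an added example, not part of the original messages and not Wireshark project code; the function names and the `./run` search directory are assumptions.

```shell
#!/bin/sh
# Added example: audit every dumpcap a user could be running for the capture
# capabilities named in the error message. Function names are hypothetical.

# caps_ok LINE: succeed only if one line of `getcap` output grants both
# cap_net_raw and cap_net_admin with the effective (e) and permitted (p) flags.
caps_ok() {
    co_text=${1#* }          # drop the path field
    co_text=${co_text#= }    # older libcap prints "path = caps"
    for co_need in cap_net_raw cap_net_admin; do
        co_found=0
        for co_clause in $co_text; do
            co_names=${co_clause%%[=+]*}
            co_flags=${co_clause#"$co_names"}
            case ",$co_names," in *",$co_need,"*) ;; *) continue ;; esac
            case $co_flags in *e*p*|*p*e*) co_found=1 ;; esac
        done
        [ "$co_found" -eq 1 ] || return 1
    done
    return 0
}

# list_dumpcaps DIRS: print each file named dumpcap in a colon-separated
# directory list, in lookup order (more than one hit suggests a stale install).
list_dumpcaps() {
    ld_ifs=$IFS; IFS=:
    for ld_dir in $1; do
        if [ -f "${ld_dir:-.}/dumpcap" ]; then printf '%s\n' "${ld_dir:-.}/dumpcap"; fi
    done
    IFS=$ld_ifs
}

# audit_capture DIRS: report capabilities and ownership of each dumpcap found,
# then whether this login session is in the "wireshark" group.
audit_capture() {
    for ac_bin in $(list_dumpcaps "$1"); do
        ac_line=$(getcap "$ac_bin" 2>/dev/null) || ac_line=""
        if caps_ok "$ac_line"; then ac_state="caps ok"; else ac_state="caps MISSING"; fi
        printf '%s: %s\n    %s\n' "$ac_bin" "$ac_state" "$(ls -l "$ac_bin")"
    done
    # `id -Gn` without a user name lists this session's groups, so a group
    # added with usermod shows up only after logging out and back in.
    case " $(id -Gn) " in
        *" wireshark "*) echo "session is in group wireshark" ;;
        *) echo "session is NOT in group wireshark" ;;
    esac
}

# Assumption: run from the build directory, so ./run holds the fresh dumpcap.
audit_capture "./run:$PATH"
```

If `getcap` itself is not installed, every binary is reported as "caps MISSING", so confirm the tool is present before trusting that result.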
