Wireshark · Wireshark-dev: [Wireshark-dev] Re: help - after building the Wireshark 4.5 cannot capture packets

Wireshark-dev: [Wireshark-dev] Re: help - after building the Wireshark 4.5 cannot capture packe

From: John Thacker <johnthacker@xxxxxxxxx>

Date: Sun, 2 Feb 2025 12:41:09 -0500

On Sun, Feb 2, 2025 at 12:13 PM Jaap Keuter <jaap.keuter@xxxxxxxxx> wrote:

Hi yeah, you’re at the right place. Figuring out permission issues is hard when you’re not at the system itself.

My first thing would be to look for remnants of previous installations still lingering and being picked up.

On 2 Feb 2025, at 15:51, Mayank <mayankbhaskar007@xxxxxxxxx> wrote:

In addition to the above, I couldn't save the captured file in a custom location when I run on `sudo` from './run/wireshark'.

I'm not sure exactly what you mean by "in a custom location," but (unlike many other programs started as root) dumpcap on Linux drops capabilities other than CAP_NET_RAW and CAP_NET_ADMIN before starting a capture, including CAP_DAC_OVERRIDE, which means that, even if started as root (or suid, or sudo), it cannot write to read-only directories or otherwise bypass file read, write, and execute permission checks.

A first place to look for capture permission errors is here:

https://wiki.wireshark.org/CaptureSetup/

https://wiki.wireshark.org/CaptureSetup/CapturePrivileges

John

References:
- [Wireshark-dev] Re: help - after building the Wireshark 4.5 cannot capture packets
  - From: Mayank
- [Wireshark-dev] Re: help - after building the Wireshark 4.5 cannot capture packets
  - From: Jaap Keuter

Prev by Date: [Wireshark-dev] Re: help - after building the Wireshark 4.5 cannot capture packets
Next by Date: [Wireshark-dev] Trying to understand Stratoshark
Previous by thread: [Wireshark-dev] Re: help - after building the Wireshark 4.5 cannot capture packets
Next by thread: [Wireshark-dev] Trying to understand Stratoshark
Index(es):
- Date
- Thread