Wireshark-users: [Wireshark-users] Wireshark-users: Re: Unable to get tshark to capture packets w

From: "Fisher, AJ" <aj.fisher@xxxxxxxxxx>
Date: Tue, 18 May 2010 14:13:02 -0700
Guy Harris wrote:

>Is there a "dumpcap" program installed?  I'd forgotten when we made dumpcap the program that does all the capturing - I guess it was before the 1.0 release.

>I'm a bit surprised that the error message sent up the pipe wasn't reported by tshark.  I'll have to try that with a newer version of Wireshark.

>If there's a dumpcap program installed, you can probably make it set-UID root, which should allow you to capture as an ordinary user.  (You really don't want to run the N million lines of Wireshark/TShark code as root.)

BINGO! After "chmod 4755 /usr/sbin/dumpcap root" I can now run tshark as user! Thanks Guy!

As for the HP-UX 11.31 "tshark -p" and without the "-p" flag here is the command/output:

$ tshark
tshark: Couldn't load module /opt/iexpress/wireshark/lib/wireshark/plugins/1.0.11/asn1.so: Unsatisfied code symbol 'g_node_insert_before' in load module '/opt/iexpress/wireshark/lib/wireshark/plugins/1.0.11/asn1.so'.
Capturing on lan0
tshark: Can't install filter (recv_ack: promisc_phys: UNIX error - Not owner).
Please report this to the Wireshark developers.
(This is not a crash; please do not report it as such.)
0 packets captured

AJ Fisher