I'm really liking this dumpcap ring buffer. It's working well using both the -a filesize:xxxx and the -b files:xxx options. It did not work with just -b and two option types following. I'm using 1.2.7 of dumpcap.
That's not my issue as you may have guessed from the subject line.
My problem is that files are saved as the user (root, wireshark, or me) and 600 permissions no matter what I do with umask, setgid, and setcap. I have not found the solution.
I really would like to be able to have group permission so that the team can access them without requiring dangerous root privilege.
What's the magic bullet to accomplish this?
I followed this write-up to get dumpcap locked to group wireshark and non-root privs:
http://wiki.wireshark.org/CaptureSetup/CapturePrivileges
Anyone tried to do this?
/*“ I am looking for a lot of men who have an infinite capacity to not know what can't be done. ” -- Henry Ford */